WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.4 - Author+ IDOR

Description

The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on a function.

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.4

References

CVE
CVE-2023-46311

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
d5e677ef-786f-4921-97d9-cbf0c2e21df9

Timeline

Publicly Published
2023-10-22 (about 2 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2025-11-11
Title
Wishlist and Save for later for Woocommerce < 1.1.23 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion
Published
2025-06-06
Title
BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update
Published
2024-11-12
Title
WP ERP < 1.13.4 - Unauthorized Access to Terminated Employee Information
Published
2026-01-01
Title
Holmes <= 1.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
Published
2023-08-01
Title
Stripe Payment Plugin for WooCommerce < 3.7.8 - Authentication Bypass