WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.4 - Unauthenticated Data Modification via IDOR

Description

The plugin does not prevent non-administrator users from changing data.

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.4

References

CVE
CVE-2023-3869

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Vladislav Pokrovsky
Verified
No
WPVDB ID
d7de195a-a932-43dd-bbb4-784a19324b04

Timeline

Publicly Published
2023-09-12 (about 2 years ago)
Added
2023-10-20 (about 2 years ago)
Last Updated
2023-10-20 (about 2 years ago)

Other

Published
Title
Published
2025-02-06
Title
Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure
Published
2024-11-22
Title
Enter Addons – Ultimate Template Builder for Elementor < 2.2.0 - Authenticated (Contributor+) Post Disclosure
Published
2025-06-24
Title
WP SmartPay < 2.8.0 - Authenticated (Subscriber+) Account Takeover
Published
2025-03-24
Title
User Registration & Membership (Free < 4.1.2, Pro < 5.1.2) - Unauthenticated Privilege Escalation
Published
2025-05-12
Title
Subaccounts for WooCommerce < 1.6.7 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover