CAOS < 4.7.15 – Unauthenticated Settings Update | CVE 2023-6637

Affects Plugins

host-analyticsjs-local

Fixed in 4.7.15

References

CVE

CVE-2023-6637

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec1fd03-f865-4f58-b63b-e70c0c7e701d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

István Márton

Verified

No

WPVDB ID

f5647714-a72e-4964-889b-95c593c04251

Timeline

Publicly Published

2023-12-12 (about 2 years ago)

Added

2023-12-13 (about 2 years ago)

Last Updated

2023-12-13 (about 2 years ago)

Other

Published

Title

Published

2025-12-12

Title

Easy Property Listings < 3.5.23 - Missing Authorization

Published

2026-01-18

Title

Sober <= 3.5.12 - Missing Authorization

Published

2023-11-03

Title

Simple Job Board < 2.10.6 - Missing Authorization

Published

2025-05-30

Title

MaxiBlocks < 2.1.1 - Contributor+ Arbitrary Options Update

Published

2025-07-17

Title

Block Editor Gallery Slider < 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Post Meta Update