CVE-2023-2174
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 31, 2023
Updated: Nov 7, 2023
Summary
CVE-2023-2174 is a vulnerability affecting the BadgeOS plugin for WordPress. This issue allows authenticated attackers, with subscriber-level permissions and above, to bypass capability checks and delete log entries through the delete_badgeos_log_entries function in versions up to 3.7.1.6. As a result, attackers can modify plugin data, potentially leading to unintended consequences or system compromises. It is strongly recommended that users of these affected versions upgrade to the latest patch to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft Windows 7
- Microsoft Windows 10
- Microsoft Windows 8.1
- Microsoft Windows Server 2012
- Microsoft Windows Server 2016
Affected Vendors
- Microsoft