CVE-2023-39305

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 13, 2024
CWE ID 862

Summary

CVE-2023-39305 is a missing authorization vulnerability (CWE-862) affecting Yet Another Stars Rating (YASR), a popular WordPress plugin used for displaying user ratings. The issue stems from incorrectly configured access control security levels in YASR, which allow unauthorized access and potential exploitation. The vulnerability affects YASR versions from n/a through 3.4.3. Malicious actors can exploit this flaw to gain unwarranted privileges and manipulate user ratings, posing a significant threat to the security and integrity of affected websites. Users are urged to update to the latest version of YASR or implement appropriate security measures to mitigate this risk.
