CVE-2023-4282

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Aug 10, 2023
Updated: Nov 7, 2023

Summary

CVE-2023-4282 is a data loss vulnerability in the EmbedPress plugin for WordPress. In versions 3.8.2 and below, the 'admin_post_remove' and 'remove_private_data' functions lack capability checks. As a result, authenticated attackers with subscriber privileges or higher can delete plugin settings, causing unauthorized loss of data.


Affected Products

  • Apple (iPhone OS)
  • iPadOS

Affected Vendors

  • Apple