CVE-2023-4282
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Aug 10, 2023
Updated: Nov 7, 2023
Summary
CVE-2023-4282 is a data loss vulnerability affecting the EmbedPress plugin for WordPress. The issue lies in the lack of capability checks on the 'admin_post_remove' and 'remove_private_data' functions, which are present in versions 3.8.2 and below. This vulnerability enables authenticated attackers with subscriber privileges or higher to delete plugin settings, resulting in unauthorized loss of data.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Apple (iPhone OS)
- iPadOS
Affected Vendors
- Apple