PT-2024-12341 · WordPress · Simple Page Ordering

Mika

Published

2024-12-13

Updated

2024-12-15

CVE-2023-32798

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Simple Page Ordering versions 2.5.0 and earlier

Description The issue affects the Simple Page Ordering plugin, allowing exploitation of incorrectly configured access control security levels due to a missing authorization vulnerability. This vulnerability exposes broken access control, which can be exploited by attackers. Users are urged to update to the latest version to mitigate risks.

Recommendations For versions 2.5.0 and earlier, update to the latest version to secure your WordPress site and remediate the broken access control issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-32798

Affected Products

Simple Page Ordering

PT-2024-12341 · WordPress · Simple Page Ordering

CVE-2023-32798

Weakness Enumeration

Related Identifiers

Affected Products

References · 8