PT-2024-12577 · WordPress · Image Regenerate & Select Crop

Abdi Pranata

Published

2024-12-13

Updated

2024-12-16

CVE-2023-36680

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Image Regenerate & Select Crop versions prior to 7.1.0

Description The issue involves a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels due to broken access control. This vulnerability affects the WordPress Image Regenerate Select Crop plugin. Users are urged to update to the latest version to mitigate risks.

Recommendations For versions prior to 7.1.0, update to the latest version to secure your site and mitigate the risk of broken access control. As a temporary workaround, consider restricting access to sensitive areas of the plugin until the update is applied.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-36680

Affected Products

Image Regenerate & Select Crop

PT-2024-12577 · WordPress · Image Regenerate & Select Crop

CVE-2023-36680

Weakness Enumeration

Related Identifiers

Affected Products

References · 10