CVE-2023-39995

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP OnlineSupport, Essential Plugin Portfolio and Projects versions 1.3.7 and earlier

Description The issue affects the Portfolio and Projects plugin for WordPress, involving broken access control due to missing authorization. This allows for the exploitation of incorrectly configured access control security levels. Users are urged to update to the latest version to mitigate risks.

Recommendations For versions 1.3.7 and earlier, update to the latest version to secure your site. As a temporary workaround, consider restricting access to vulnerable components until a patch is available.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-39995

Affected Products

Essential Plugin Portfolio/Projects

Portfolio/Projects

Wp Onlinesupport

CVE-2023-39995

Weakness Enumeration

Related Identifiers

Affected Products

References · 8