CVE-2023-6279

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

T

he Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name

References

Link	Resource
https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:woostify:sites_library:*:*:*:*:*:wordpress:*:*

History

20 Feb 2026, 20:05

Type	Values Removed	Values Added
CPE	cpe:2.3:a:wootsify:sites_library::::::wordpress::*	cpe:2.3:a:woostify:sites_library::::::wordpress::*
First Time		Woostify Woostify sites Library

21 Nov 2024, 08:43

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/ - Exploit, Third Party Advisory~~	() https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/ - Exploit, Third Party Advisory

Information

Published : 2024-01-29 15:15

Updated : 2026-02-20 20:05

NVD link : CVE-2023-6279

Mitre link : CVE-2023-6279

CVE.ORG link : CVE-2023-6279

JSON object : View

Products Affected

sites_library

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-6279", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-01-29T15:15:09.343", "references": [{"url": "https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name"}, {"lang": "es", "value": "El complemento de WordPress Woostify Sites Library anterior a 1.4.8 no tiene autorizaci\u00f3n en una acci\u00f3n AJAX, lo que permite a cualquier usuario autenticado, como un suscriptor, actualizar opciones de blog arbitrarias y configurarlas como \"activated\", lo que podr\u00eda provocar DoS al usar un nombre de opci\u00f3n espec\u00edfico."}], "lastModified": "2026-02-20T20:05:59.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:woostify:sites_library:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "65E906DF-4406-43D6-8077-936E40399153", "versionEndExcluding": "1.4.8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}