CVE-2023-6741

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

T

he WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.

References

Link	Resource
https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/	Third Party Advisory
https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/ - Third Party Advisory~~	() https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/ - Third Party Advisory

Information

Published : 2024-01-16 16:15

Updated : 2025-06-20 18:15

NVD link : CVE-2023-6741

Mitre link : CVE-2023-6741

CVE.ORG link : CVE-2023-6741

JSON object : View

Products Affected

wp_customer_area

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-6741", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-01-16T16:15:13.867", "references": [{"url": "https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address."}, {"lang": "es", "value": "El complemento de WordPressWP Customer Area anterior a 8.2.1 no valida adecuadamente las capacidades de los usuarios en algunas de sus acciones AJAX, lo que permite a usuarios malintencionados editar la direcci\u00f3n de cuenta de otros usuarios."}], "lastModified": "2025-06-20T18:15:24.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C22F1304-27E0-4D72-8487-BC5210011831", "versionEndExcluding": "8.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}