CVE-2023-4213— WordPress plugin Simplr Registration Form Plus+ 安全漏洞

Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

通过用户控制密钥绕过授权机制

WordPress plugin Simplr Registration Form Plus+ 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Simplr Registration Form Plus+ 存在安全漏洞，该漏洞源于容易受到不安全直接对象引用的影响。

N/A

N/A