Summaryinfo

A vulnerability was found in Draw Attention Plugin up to 2.0.15 on WordPress. It has been classified as critical. This issue affects the function register_cpt. The manipulation leads to access control. This vulnerability is documented as CVE-2023-46616. There is not any exploit available.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Draw Attention Plugin up to 2.0.15 on WordPress (WordPress Plugin). This issue affects the function register_cpt. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15.

The weakness was released 10/27/2023. It is possible to read the advisory at wordfence.com. The identification of this vulnerability is CVE-2023-46616 since 10/24/2023. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• WordPress Plugin

Name

• Draw Attention Plugin

Version

• 2.0.0
• 2.0.1
• 2.0.2
• 2.0.3
• 2.0.4
• 2.0.5
• 2.0.6
• 2.0.7
• 2.0.8
• 2.0.9
• 2.0.10
• 2.0.11
• 2.0.12
• 2.0.13
• 2.0.14
• 2.0.15

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion