The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
CWE |
01 Feb 2023, 14:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
My Youtube Channel Project
My Youtube Channel Project my Youtube Channel |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:my_youtube_channel_project:my_youtube_channel:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://plugins.trac.wordpress.org/browser/youtube-channel/trunk/youtube-channel.php?rev=2482795#L1502 - Third Party Advisory | |
References | (MISC) https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2844200%40youtube-channel&new=2844200%40youtube-channel&sfp_email=&sfph_mail= - Patch, Third Party Advisory | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/486b6a75-d101-4f3a-8436-6c23dd0ff200 - Third Party Advisory |
23 Jan 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-23 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0447
Mitre link : CVE-2023-0447
CVE.ORG link : CVE-2023-0447
JSON object : View
Products Affected
my_youtube_channel_project
- my_youtube_channel
CWE
No CWE.