CVE-2023-2172

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L397	Patch
https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/deduct-steps-ui.php#L454	Patch
https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/ranks/rank-steps-ui.php#L388	Patch
https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/steps-ui.php#L396	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:badgeos:badgeos:*:*:*:*:*:wordpress:*:*

History

07 Nov 2023, 04:12

Type	Values Removed	Values Added
CWE	~~CWE-639~~

01 Sep 2023, 13:03

Type	Values Removed	Values Added
First Time		Badgeos badgeos Badgeos
References	~~(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/deduct-steps-ui.php#L454 -~~	(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/deduct-steps-ui.php#L454 - Patch
References	~~(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve -~~	(MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve - Third Party Advisory
References	~~(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L397 -~~	(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L397 - Patch
References	~~(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/ranks/rank-steps-ui.php#L388 -~~	(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/ranks/rank-steps-ui.php#L388 - Patch
References	~~(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/steps-ui.php#L396 -~~	(MISC) https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/steps-ui.php#L396 - Patch
CPE		cpe:2.3:a:badgeos:badgeos::::::wordpress::*

31 Aug 2023, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-31 06:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-2172

Mitre link : CVE-2023-2172

CVE.ORG link : CVE-2023-2172

JSON object : View

Products Affected

badgeos

badgeos

CWE

No CWE.

4.3 /10