CVE-2023-2172

MEDIUM

BadgeOS <= 3.7.1.6 - Authenticated Insecure Direct Object Reference in AJAX Step Handlers

Title source: llm

Description

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to overwrite arbitrary post titles.

References (5)

Core 5

Core References

Patch

https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/award-steps-ui.php#L397

Patch

https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/points/deduct-steps-ui.php#L454

Patch

https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/ranks/rank-steps-ui.php#L388

Patch

https://plugins.trac.wordpress.org/browser/badgeos/trunk/includes/steps-ui.php#L396

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=cve

Scores

CVSS v3 4.3

EPSS 0.0042

EPSS Percentile 33.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (2)

badgeos/badgeos < 3.7.1.6

learningtimes/BadgeOS < 3.7.1.6

Published Aug 31, 2023

Tracked Since Feb 18, 2026