CVE-2023-32117

CRITICAL EXPLOITED NUCLEI

SoftLab Integrate Google Drive - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2023-32117 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC demonstrates an unauthorized access vulnerability in the Integrate Google Drive WordPress plugin (<=1.1.99) via exposed REST API endpoints. The exploit allows unauthenticated users to retrieve sensitive user data and interact with Google Drive files.

Description

Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99.

Exploits (1)

nomisec WORKING POC 6 stars

by RandomRobbieBF · infoleak

https://github.com/RandomRobbieBF/CVE-2023-32117

View Code ZIP pw:eip

This PoC demonstrates an unauthorized access vulnerability in the Integrate Google Drive WordPress plugin (<=1.1.99) via exposed REST API endpoints. The exploit allows unauthenticated users to retrieve sensitive user data and interact with Google Drive files.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Integrate Google Drive WordPress plugin <=1.1.99

No auth needed

Prerequisites: Target running vulnerable Integrate Google Drive plugin · Network access to the WordPress site

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

HIGHVERIFIEDby DhiyaneshDK

References (2)

Core 2

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/wordpress/plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-1-99-unauthenticated-broken-access-control-vulnerability?_s_id=cve

Vdb Entry vdb-entry

https://patchstack.com/database/Wordpress/Plugin/integrate-google-drive/vulnerability/wordpress-integrate-google-drive-plugin-1-1-99-unauthenticated-broken-access-control-vulnerability?_s_id=cve

Scores

CVSS v3 9.8

EPSS 0.0628

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-01-26

CWE

CWE-862

Status published

Products (2)

princeahmed/Integrate Google Drive < 1.1.99

SoftLab/Integrate Google Drive < 1.1.99

Published Dec 09, 2024

Tracked Since Feb 18, 2026