CVE-2023-7268

MEDIUM

ArtPlacer Widget < 2.21.1 - Authenticated Arbitrary Widget Deletion

Title source: llm

Description

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have an authorisation check in place when deleting widgets, allowing any authenticated user, such as a subscriber, to delete arbitrary widgets.

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7/

Scores

CVSS v3 6.5
EPSS 0.0040
EPSS Percentile 31.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
artplacer/artplacer_widget < 2.21.1
Published Jul 19, 2024
Tracked Since Feb 18, 2026