CVE-2023-0551

Summary

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Affected Software

VendorProductVersion RangeStatus
UnknownREST API TO MiniProgram0 <= 4.6.1affected

Weaknesses

  • CWE-284 Improper Access Control
  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References