Cyber Posture

CVE-2023-45104

High

Published: 02 January 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0021 (42.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in WPDeveloper BetterLinks betterlinks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterLinks: from n/a through <= 1.6.0.

Security Summary

CVE-2023-45104 is a missing authorization vulnerability (CWE-862) in the WPDeveloper BetterLinks plugin for WordPress, stemming from incorrectly configured access control security levels. The issue affects all versions of BetterLinks up to and including 1.6.0. It has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites for exploitation.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows limited impacts across confidentiality, integrity, and availability, such as partial unauthorized access to data, minor modifications, or denial-of-service effects within the plugin's scope.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/betterlinks/vulnerability/wordpress-betterlinks-plugin-1-6-0-broken-access-control-vulnerability?_s_id=cve details the broken access control issue in BetterLinks versions up to 1.6.0, recommending updates to patched versions for mitigation.

Details

CWE(s)
CWE-862

Affected Products

Vendor: wpdeveloper
Product: betterlinks
Versions: ≤ 1.6.1
