CVE-2023-46309

Medium

Published: 02 January 2025

Published

02 January 2025

Modified

29 April 2026

KEV Added

—

Patch

—

CVSS Score 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score 0.0010 27.6th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Description

Missing Authorization vulnerability in AdvancedCoding wpDiscuz wpdiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through <= 7.6.10.

Security Summary

CVE-2023-46309 is a missing authorization vulnerability (CWE-862) in the wpDiscuz WordPress plugin developed by AdvancedCoding. The flaw allows exploitation of incorrectly configured access control security levels and affects all versions of wpDiscuz from n/a through 7.6.10. Published on January 2, 2025, it carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation enables limited integrity impacts, such as unauthorized modifications, by bypassing intended access controls in the plugin.

Patchstack provides details on this broken access control issue in wpDiscuz version 7.6.10 via its vulnerability database at https://patchstack.com/database/Wordpress/Plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve.

Details

CWE(s): CWE-862

Affected Products

gvectors

wpdiscuz

≤ 7.6.11

References

https://patchstack.com/database/Wordpress/Plugin/wpdiscuz/vulnerability/wordpress-wpdiscuz-plugin-7-6-10-broken-access-control-vulnerability?_s_id=cve
Third Party Advisory · audit@patchstack.com