CVE-2023-47179

CVE-2023-47179 is a Missing Authorization vulnerability (CWE-862) in the WooODT Lite WordPress plugin developed by mdalabar under the byconsole-woo-order-delivery-time project. The flaw allows exploiting incorrectly configured access control security levels and affects all versions of WooODT Lite from n/a through 2.4.6. Published on 2025-01-02, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

Low-privileged authenticated users (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), specifically through arbitrary site option updates as detailed in vulnerability disclosures.

Patchstack advisories identify this as an arbitrary site option update vulnerability in WooODT Lite up to version 2.4.6. Mitigation involves updating the plugin to a patched version beyond 2.4.6, with practitioners advised to review access controls and monitor for unauthorized option changes in affected environments.