Cyber Posture

CVE-2023-47183

Medium

Published: 02 January 2025

Modified: 29 April 2026
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.0034 (56.9th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in StellarWP GiveWP give allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GiveWP: from n/a through <= 2.33.1.

Security Summary

CVE-2023-47183 is a missing authorization vulnerability (CWE-862) in the GiveWP WordPress plugin from StellarWP. The issue allows exploiting incorrectly configured access control security levels in the "give" component and affects all versions of GiveWP up to and including 2.33.1. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), indicating medium severity with no confidentiality or availability impact but low integrity impact.

Unauthenticated attackers (PR:N) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation enables limited integrity modifications (I:L) within the unchanged security scope (S:U), such as unauthorized alterations to plugin-controlled resources.

The Patchstack advisory provides further details on this broken access control vulnerability in GiveWP 2.33.1, available at https://patchstack.com/database/Wordpress/Plugin/give/vulnerability/wordpress-givewp-plugin-2-33-1-broken-access-control-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-862

Affected Products

givewp
givewp
≤ 2.33.2
