Cyber Posture

CVE-2023-48758

High

Published: 02 January 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0021 (43.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in Crocoblock JetEngine jet-engine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through <= 3.2.4.

Security Summary

CVE-2023-48758 is a missing authorization vulnerability (CWE-862) in the Crocoblock JetEngine WordPress plugin that allows exploitation of incorrectly configured access control security levels. The issue affects JetEngine versions through 3.2.4; the record gives no starting version (n/a).

With a CVSS v3.1 base score of 7.1 (High), the vulnerability is exploitable over the network (AV:N) with low complexity (AC:L) by low-privileged authenticated users (PR:L), requires no user interaction (UI:N), and leaves scope unchanged (S:U). The rated impact is low for integrity (I:L), high for availability (A:H), and none for confidentiality (C:N), potentially allowing limited data modification and denial-of-service conditions.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve. The vulnerability was published on 2025-01-02T15:15:20.920.

Details

CWE(s)
CWE-862

References