nvd-json-data-feeds/CVE-2023/CVE-2023-69xx/CVE-2023-6983.json

{
  "id": "CVE-2023-6983",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-02-05T22:15:58.257",
  "lastModified": "2024-02-06T01:00:55.997",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13?source=cve",
      "source": "security@wordfence.com"
    }
  ]
}
Auto-Update: 2024-02-05T23:00:25.171839+00:00 2024-02-05 23:00:28 +00:00			`{`
			`"id": "CVE-2023-6983",`
			`"sourceIdentifier": "security@wordfence.com",`
			`"published": "2024-02-05T22:15:58.257",`
Auto-Update: 2024-02-06T03:00:25.770920+00:00 2024-02-06 03:00:29 +00:00			`"lastModified": "2024-02-06T01:00:55.997",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-02-05T23:00:25.171839+00:00 2024-02-05 23:00:28 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to retrieve potentially sensitive post meta."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security@wordfence.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
			`"references": [`
			`{`
			`"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=",`
			`"source": "security@wordfence.com"`
			`},`
			`{`
			`"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13?source=cve",`
			`"source": "security@wordfence.com"`
			`}`
			`]`
			`}`