ByteOS Network

CVE Vulnerability Details :

CVE-2023-0581

PUBLISHED

Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599

Published At-30 Jan, 2023 | 14:06

▼CVE Numbering Authority (CNA)

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklist via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack.

Affected Products

Vendor

LCWeb

Product

PrivateContent

Default Status

unaffected

Versions

Affected

From * through 8.4.3 (semver)

Problem Types

Type	CWE ID	Description
N/A	N/A	CWE-602 Client-Side Enforcement of Server-Side Security

Type: N/A

CWE ID: N/A

Description: CWE-602 Client-Side Enforcement of Server-Side Security

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Credits

finder

Riccardo Granata

Timeline

Event	Date
Disclosed	2023-01-30 00:00:00

Event: Disclosed

Date: 2023-01-30 00:00:00

References

Hyperlink	Resource
https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236	N/A
https://lcweb.it/privatecontent/changelog	N/A

Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236

Resource: N/A

Hyperlink: https://lcweb.it/privatecontent/changelog

Resource: N/A

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References