CVE-2023-0551

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
minapperrest_api_to_miniprogram
𝑥
≤ 4.6.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d
https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d