{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36531", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-06-22T14:28:32.643Z", "datePublished": "2024-12-13T14:23:46.460Z", "dateUpdated": "2024-12-13T20:44:11.994Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-12-13T14:23:46.460Z"}, "title": "WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "LiquidPoll", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-poll", "product": "LiquidPoll \u2013 Advanced Polls for Creators and Brands", "versions": [{"lessThanOrEqual": "3.3.68", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "3.3.69", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-poll/vulnerability/wordpress-liquidpoll-advanced-polls-for-creators-and-brands-plugin-3-3-68-broken-access-control-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress LiquidPoll \u2013 Advanced Polls for Creators and Brands plugin to the latest available version (at least 3.3.69)."}], "value": "Update the WordPress LiquidPoll \u2013 Advanced Polls for Creators and Brands plugin to the latest available version (at least 3.3.69)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-13T20:43:50.487642Z", "id": "CVE-2023-36531", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-13T20:44:11.994Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-13T20:43:50.487642Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-13T20:43:58.948Z"}}], "cna": {"title": "WordPress LiquidPoll plugin <= 3.3.68 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abdi Pranata (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LiquidPoll", "product": "LiquidPoll \u2013 Advanced Polls for Creators and Brands", "versions": [{"status": "affected", "changes": [{"at": "3.3.69", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.3.68"}], "packageName": "wp-poll", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress LiquidPoll \u2013 Advanced Polls for Creators and Brands plugin to the latest available version (at least 3.3.69).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress LiquidPoll \u2013 Advanced Polls for Creators and Brands plugin to the latest available version (at least 3.3.69).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-poll/vulnerability/wordpress-liquidpoll-advanced-polls-for-creators-and-brands-plugin-3-3-68-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-12-13T14:23:46.460Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36531", "state": "PUBLISHED", "dateUpdated": "2024-12-13T20:44:11.994Z", "dateReserved": "2023-06-22T14:28:32.643Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-12-13T14:23:46.460Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in LiquidPoll LiquidPoll \u2013 Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll \u2013 Advanced Polls for Creators and Brands: from n/a through 3.3.68."}], "id": "CVE-2023-36531", "lastModified": "2024-12-13T15:15:17.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-12-13T15:15:17.570", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/wp-poll/vulnerability/wordpress-liquidpoll-advanced-polls-for-creators-and-brands-plugin-3-3-68-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}