{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-25454", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-02-06T12:38:05.559Z", "datePublished": "2024-12-09T11:31:34.297Z", "dateUpdated": "2026-04-28T16:08:07.973Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "protected-posts-logout-button", "product": "Protected Posts Logout Button", "vendor": "Nate Reist", "versions": [{"changes": [{"at": "1.4.6", "status": "unaffected"}], "lessThanOrEqual": "1.4.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "yuyudhn (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects Protected Posts Logout Button: from n/a through 1.4.5.</p>"}], "value": "Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:08:07.973Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/protected-posts-logout-button/vulnerability/wordpress-protected-posts-logout-button-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Protected Posts Logout Button plugin to the latest available version (at least 1.4.6)."}], "value": "Update the WordPress Protected Posts Logout Button plugin to the latest available version (at least 1.4.6)."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "wordpress", "product": "nate_reist_protected_posts_logout_button", "cpes": ["cpe:2.3:a:wordpress:nate_reist_protected_posts_logout_button:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-09T15:21:40.729647Z", "id": "CVE-2023-25454", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T15:23:41.636Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-25454", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-09T15:21:40.729647Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wordpress:nate_reist_protected_posts_logout_button:*:*:*:*:*:*:*:*"], "vendor": "wordpress", "product": "nate_reist_protected_posts_logout_button", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-09T15:23:36.268Z"}}], "cna": {"title": "WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "yuyudhn | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Nate Reist", "product": "Protected Posts Logout Button", "versions": [{"status": "affected", "changes": [{"at": "1.4.6", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.5"}], "packageName": "protected-posts-logout-button", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:35:08.205Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/protected-posts-logout-button/vulnerability/wordpress-protected-posts-logout-button-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button protected-posts-logout-button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through <= 1.4.5.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button protected-posts-logout-button allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Protected Posts Logout Button: from n/a through <= 1.4.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T13:49:43.018Z"}}}, "cveMetadata": {"cveId": "CVE-2023-25454", "state": "PUBLISHED", "dateUpdated": "2026-04-23T13:49:43.018Z", "dateReserved": "2023-02-06T12:38:05.559Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-12-09T11:31:34.297Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5."}, {"lang": "es", "value": "La vulnerabilidad de autorizaci\u00f3n faltante en el bot\u00f3n de cierre de sesi\u00f3n de publicaciones protegidas de Nate Reist permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Protected Posts Logout Button: desde n/a hasta 1.4.5."}], "id": "CVE-2023-25454", "lastModified": "2026-04-28T19:19:46.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-12-09T13:15:23.327", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/protected-posts-logout-button/vulnerability/wordpress-protected-posts-logout-button-plugin-1-4-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}