Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by wordapp
CVE-2023-2987 (GCVE-0-2023-2987)
Vulnerability from cvelistv5 – Published: 2023-05-31 02:40 – Updated: 2026-04-08 17:03
VLAI
Title
Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
Summary
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the 'validation_token' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
6 references
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/config.php#L59"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/pdx.php#L64"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/access.php#L28"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:16:28.178678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:31:38.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wordapp",
"vendor": "wordapp",
"versions": [
{
"lessThanOrEqual": "1.6.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the \u0027wa_pdx_op_config_set\u0027 function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the \u0027validation_token\u0027 in the plugin config, providing access to the plugin\u0027s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:03:32.204Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/config.php#L59"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/pdx.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wordapp/trunk/includes/access.php#L28"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3063322/wordapp"
},
{
"url": "https://lana.report/publication/6e779e9a-e0f9-4102-9f0b-ad46e9c4533f/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-14T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-15T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-05-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Wordapp \u003c= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2987",
"datePublished": "2023-05-31T02:40:20.868Z",
"dateReserved": "2023-05-30T14:13:59.154Z",
"dateUpdated": "2026-04-08T17:03:32.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}