CVE-2023-46188 (GCVE-0-2023-46188)

Vulnerability from cvelistv5 – Published: 2025-01-02 11:59 – Updated: 2026-04-23 13:50
VLAI?
Title
WordPress Freesoul Deactivate Plugins plugin <= 2.1.3 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through <= 2.1.3.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup Affected: 0 , ≤ 2.1.3 (custom)
Create a notification for this product.
Date Public ?
2026-04-22 14:34
Credits
Abdi Pranata | Patchstack Bug Bounty Program
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-46188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-02T17:35:10.980728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-03T19:09:30.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "freesoul-deactivate-plugins",
          "product": "Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup",
          "vendor": "Jose Mortellaro",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.1.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abdi Pranata | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:34:27.928Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup: from n/a through \u003c= 2.1.3.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup: from n/a through \u003c= 2.1.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-23T13:50:29.509Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Freesoul Deactivate Plugins plugin \u003c= 2.1.3 - Broken Access Control vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-46188",
    "datePublished": "2025-01-02T11:59:59.522Z",
    "dateReserved": "2023-10-18T08:45:49.682Z",
    "dateUpdated": "2026-04-23T13:50:29.509Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-46188",
      "date": "2026-04-25",
      "epss": "0.00145",
      "percentile": "0.34663"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup: from n/a through 2.1.3.\"}, {\"lang\": \"es\", \"value\": \"La vulnerabilidad de autorizaci\\u00f3n faltante en Jose Mortellaro Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup: desde n/a hasta 2.1.3.\"}]",
      "id": "CVE-2023-46188",
      "lastModified": "2025-01-02T12:15:11.127",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"audit@patchstack.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2025-01-02T12:15:11.127",
      "references": "[{\"url\": \"https://patchstack.com/database/wordpress/plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve\", \"source\": \"audit@patchstack.com\"}]",
      "sourceIdentifier": "audit@patchstack.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"audit@patchstack.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-46188\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2025-01-02T12:15:11.127\",\"lastModified\":\"2026-04-23T15:17:44.833\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup: from n/a through \u003c= 2.1.3.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de autorizaci\u00f3n faltante en Jose Mortellaro Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Freesoul Deactivate Plugins \u2013 Plugin manager and cleanup: desde n/a hasta 2.1.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/Wordpress/Plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46188\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-02T17:35:10.980728Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-02T17:38:43.783Z\"}}], \"cna\": {\"title\": \"WordPress Freesoul Deactivate Plugins plugin \u003c= 2.1.3 - Broken Access Control vulnerability\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Abdi Pranata | Patchstack Bug Bounty Program\"}], \"impacts\": [{\"capecId\": \"CAPEC-180\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exploiting Incorrectly Configured Access Control Security Levels\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Jose Mortellaro\", \"product\": \"Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"2.1.4\", \"status\": \"unaffected\"}], \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1.3\"}], \"packageName\": \"freesoul-deactivate-plugins\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-22T14:34:27.928Z\", \"references\": [{\"url\": \"https://patchstack.com/database/Wordpress/Plugin/freesoul-deactivate-plugins/vulnerability/wordpress-freesoul-deactivate-plugins-plugin-2-1-3-broken-access-control-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup: from n/a through \u003c= 2.1.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup freesoul-deactivate-plugins allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Freesoul Deactivate Plugins \\u2013 Plugin manager and cleanup: from n/a through \u003c= 2.1.3.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2026-04-23T13:50:29.509Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-46188\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-23T13:50:29.509Z\", \"dateReserved\": \"2023-10-18T08:45:49.682Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2025-01-02T11:59:59.522Z\", \"assignerShortName\": \"Patchstack\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.