{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6257","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2023-11-22T14:31:47.285Z","datePublished":"2024-04-11T05:00:02.030Z","dateUpdated":"2025-03-26T20:47:15.800Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-08-30T07:58:14.340Z"},"title":"Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read","problemTypes":[{"descriptions":[{"description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Inline Related Posts","versions":[{"status":"affected","versionType":"semver","version":"0","lessThan":"3.6.0"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts"}],"references":[{"url":"https://wpscan.com/vulnerability/19a86448-8d7c-4f02-9290-d9f93810e6e1/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Krzysztof ZajÄ…c (CERT PL)","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-05-08T15:57:06.232321Z","id":"CVE-2023-6257","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-26T20:47:15.800Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:28:20.199Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/19a86448-8d7c-4f02-9290-d9f93810e6e1/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}