CVE-2023-2590 HIGH

CVE-2023-2590: Missing Authorization in answerdev/answer

Vendor Answerdev

Product answerdev/answer

Weakness CWE-862 · Missing authorization

Published May 9, 2023

Last update January 28, 2025

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.

Key dates

02Disclosure timeline

May 9, 2023 CVE published

January 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-2590 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-1177 WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update CVE-2026-25388 WordPress Ads Pro plugin <= 5.0 - Broken Access Control vulnerability CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update CVE-2022-47594 WordPress Essential Blocks for Gutenberg plugin <= 3.8.5 - Broken Access Control CVE-2024-34803 WordPress Fastly plugin <= 1.2.25 - Broken Access Control vulnerability