CVE-2023-5862 MEDIUM

CVE-2023-5862: Missing Authorization in hamza417/inure

Vendor Hamza417

Product hamza417/inure

Weakness CWE-862 · Missing authorization

Published October 31, 2023

Last update September 5, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Missing Authorization in GitHub repository hamza417/inure prior to Build95.

Key dates

02Disclosure timeline

October 31, 2023 CVE published

September 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5862 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-1404 Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function CVE-2025-62869 WordPress Gravitec.net – Web Push Notifications plugin <= 2.9.17 - Broken Access Control vulnerability CVE-2026-25320 WordPress Elementor Contact Form DB plugin <= 2.1.3 - Broken Access Control vulnerability CVE-2026-25387 WordPress Image Optimizer by Elementor plugin <= 1.7.1 - Broken Access Control vulnerability CVE-2026-5294 GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action