What the vulnerability does
01Description
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
What the vulnerability does
Missing Authorization vulnerability in Codexpert, Inc CoDesigner woolementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoDesigner: from n/a through <= 4.29.
Explanation of Vulnerability in Simple Terms
CoDesigner versions 4.29 and earlier lack proper authorization checks, allowing authenticated users with low privileges to trigger a denial-of-service condition. An attacker with a valid account can make requests that degrade site availability. The vulnerability requires an existing user account but no special interaction from victims.
What an attacker can do
An authenticated user can degrade site availability by making unauthorized requests.
Potential impact on your site
Legitimate users may experience service disruptions if an attacker exploits this flaw repeatedly.
Conditions required to exploit
Attacker must have a valid user account with low privileges on the site.
Key dates
External resources