What the vulnerability does
Description
Missing Authorization vulnerability in PickPlugins Accordion accordions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accordion: from n/a through <= 2.3.15.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Explanation of Vulnerability in Simple Terms
Accordion by PickPlugins versions 2.3.15 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read sensitive data they should not access. An attacker with a basic user account can retrieve confidential information without needing to modify or disrupt the site. Update to a version newer than 2.3.15.
What an attacker can do
Read sensitive data or information they should not have access to.
Potential impact on your site
Confidential data may be exposed to any registered user, even those with minimal permissions.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.