What the vulnerability does
Description
Unauthenticated Insecure Direct Object Reference (IDOR) in Kirki versions <= 6.0.11.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Explanation of Vulnerability in Simple Terms
Kirki versions up to and including 6.0.11 contain a vulnerability affecting integrity and availability that is reachable over the network without authentication. An attacker can modify data or degrade site performance without user interaction or special privileges. Update to version 6.0.12 or later to resolve this issue.
What an attacker can do
Modify site data or degrade availability without authentication.
Potential impact on your site
Site data could be altered and performance degraded by remote attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.