CVE-2023-47762: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in WPDeveloper BetterDocs plugin versions through 2.5.2. The vulnerability was discovered by Abdi Pranata and was assigned CVE-2023-47762. The issue was reported on August 20, 2023, and publicly disclosed on November 13, 2023 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) due to missing authorization checks. It received a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and required low privileges (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to incorrectly configured access control security levels. The impact is primarily focused on integrity with low severity, while confidentiality and availability are not affected (Patchstack).

Users are advised to update to BetterDocs version 2.5.3 or later to resolve the vulnerability. For temporary mitigation, Patchstack has issued a virtual patch to block potential attacks until users can update to the fixed version (Patchstack).