Vulnerability DatabaseCVE-2023-48286

CVE-2023-48286:
WordPress vulnerability analysis and mitigation

Overview

A Broken Access Control vulnerability was identified in the WordPress Accept Stripe Payments plugin versions 2.0.79 and earlier. The vulnerability was discovered by Joshua Chan and was publicly disclosed on November 23, 2023. This security issue was assigned the identifier CVE-2023-48286 (Patchstack).

Technical details

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This could potentially allow unprivileged users to execute higher privileged actions. The vulnerability has been assigned a CVSS severity score of 8.2, categorizing it as Low severity despite the high CVSS score (Patchstack).

Impact

The vulnerability's impact is considered low severity and is deemed unlikely to be exploited. The specific impact varies case by case due to the nature of broken access control vulnerabilities (Patchstack).

Mitigation and workarounds

The vulnerability has been fixed in version 2.0.80 of the WordPress Accept Stripe Payments plugin. Users are advised to update to version 2.0.80 or later to remediate this security issue (Patchstack).

Additional resources

Patchstack

Source: This report was generated using AI

Related WordPress vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-14030	MEDIUM	6.4	WordPress	ai-feeds	No	Yes	Dec 12, 2025
CVE-2025-12965	MEDIUM	6.4	WordPress	magical-posts-display	No	Yes	Dec 12, 2025
CVE-2025-14442	MEDIUM	5.3	WordPress	secure-copy-content-protection	No	Yes	Dec 12, 2025
CVE-2025-14065	MEDIUM	5.3	WordPress	simple-bike-rental	No	Yes	Dec 12, 2025
CVE-2025-14159	MEDIUM	4.3	WordPress	secure-copy-content-protection	No	Yes	Dec 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2023-48286: WordPress vulnerability analysis and mitigation