CVE Catalog

CVE-2023-32959

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile — higher than 6% of all known CVEs

Summary

MetroStore has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

Risk Assessment

The organization may be exposed to unauthorized access to data or functions, potentially leading to serious security breaches.

Recommendation

It is recommended to review and improve the configuration of access control levels in MetroStore to ensure proper user authorization.

Original NVD description (English source)

Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS