CVE-2023-23672

5.4 MEDIUM

📋 TL;DR

CVE-2023-23672 is a missing authorization vulnerability in the GiveWP WordPress plugin that allows authenticated users to delete arbitrary content without proper permissions. This affects WordPress sites running GiveWP versions up to 2.25.1. The vulnerability enables privilege escalation through unauthorized content manipulation.

💻 Affected Systems

Products:
  • WordPress GiveWP Plugin
Versions: n/a through 2.25.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with GiveWP plugin enabled. Any authenticated user can potentially exploit this vulnerability.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could delete critical website content, donation records, or configuration data, potentially causing data loss, service disruption, or financial impact.

🟠 Likely Case

Malicious users with basic accounts could delete donation forms, content pages, or plugin data, disrupting fundraising operations and website functionality.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to unauthorized content deletion within the plugin's scope, with audit trails for investigation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access. Public proof-of-concept demonstrates content deletion via API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.25.2 and later

Vendor Advisory: https://wordpress.org/plugins/give/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find GiveWP and click 'Update Now'.
4. Verify the update to version 2.25.2 or higher.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all versions)

Disable the GiveWP plugin until the patched version can be installed:

wp plugin deactivate give

Restrict User Registration (applies to: all versions)

Temporarily disable new user registration to limit the attack surface:

wp option update users_can_register 0

🧯 If You Can't Patch

  • Implement strict user role management and review all authenticated user permissions
  • Enable comprehensive logging and monitoring of content deletion actions

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel > Plugins > GiveWP version. If the version is 2.25.1 or lower, the system is vulnerable.

Check Version:

wp plugin list --name=give --field=version

Verify Fix Applied:

Verify GiveWP plugin version is 2.25.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual content deletion events in WordPress logs
  • Multiple DELETE requests to GiveWP API endpoints from non-admin users

Network Indicators:

  • HTTP DELETE requests to /wp-json/give/v2/* endpoints from unauthorized IPs

SIEM Query:

source="wordpress.log" AND ("DELETE" AND "give/v2") AND NOT user_role="administrator"
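The SIEM query above expressed as a small log-review script, added here as an example and not part of this advisory. It assumes a constructed key=value access log that records the authenticated user's role (a stock Apache/Nginx access log does not, so the role field must come from a WordPress audit or authentication log); the endpoint prefix /wp-json/give/v2/ is the one the indicators above name.

```python
import re
from collections import Counter

# Constructed sample log (not from the advisory): a key=value access log that,
# unlike a stock web-server log, carries the authenticated user's WordPress role.
SAMPLE_LOG = """\
ts=2023-02-01T10:00:01Z src=203.0.113.5 user=editor1 user_role=editor method=GET path=/wp-json/give/v2/forms status=200
ts=2023-02-01T10:00:07Z src=203.0.113.5 user=editor1 user_role=editor method=DELETE path=/wp-json/give/v2/forms/12 status=200
ts=2023-02-01T10:00:09Z src=203.0.113.5 user=editor1 user_role=editor method=DELETE path=/wp-json/give/v2/forms/13 status=200
ts=2023-02-01T10:00:12Z src=203.0.113.5 user=editor1 user_role=editor method=DELETE path=/wp-json/give/v2/forms/14 status=200
ts=2023-02-01T10:05:00Z src=198.51.100.9 user=admin user_role=administrator method=DELETE path=/wp-json/give/v2/forms/20 status=200
ts=2023-02-01T10:06:00Z src=198.51.100.9 user=sub7 user_role=subscriber method=DELETE path=/wp-json/wp/v2/posts/3 status=403
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
GIVE_API_PREFIX = "/wp-json/give/v2/"   # endpoint prefix named in the indicators above


def parse_line(line):
    """Turn one key=value log line into a dict; blank lines yield None."""
    if not line.strip():
        return None
    return dict(FIELD_RE.findall(line))


def is_suspicious(event):
    """Mirror the SIEM query: a DELETE against give/v2 issued by a non-administrator."""
    return (
        event.get("method") == "DELETE"
        and event.get("path", "").startswith(GIVE_API_PREFIX)
        and event.get("user_role") != "administrator"
    )


def find_suspicious_deletes(log_text, threshold=3):
    """Return (hits, offenders): every matching event, plus the (user, src)
    pairs that issued at least `threshold` such requests (the "multiple
    DELETE requests" indicator)."""
    hits = [e for e in map(parse_line, log_text.splitlines()) if e and is_suspicious(e)]
    counts = Counter((e["user"], e["src"]) for e in hits)
    offenders = {key: n for key, n in counts.items() if n >= threshold}
    return hits, offenders


if __name__ == "__main__":
    hits, offenders = find_suspicious_deletes(SAMPLE_LOG)
    for e in hits:
        print(f"{e['ts']} {e['user']} ({e['user_role']}) DELETE {e['path']}")
    for (user, src), n in offenders.items():
        print(f"ALERT: {user} from {src} issued {n} GiveWP DELETE requests")
```

A DELETE on a give/v2 path by a non-administrator is a finding on its own here; the threshold only separates a single deletion from a burst worth paging on.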

🔗 References
