How severe is CVE-2023-40004?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2023-40004?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2023-40004 - HIGH Severity | CVSS 7.3

Vulnerability Description

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.

Related Vulnerabilities

CVE-2019-25215

HIGH

CVSS:7.3(High)

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes...

CWE-8622019

CVE-2020-36716

HIGH

CVSS:7.3(High)

The WP Activity Log plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the setup_page function in versions up to, and including, 4.0.1. This makes it possi...

CWE-8622020

CVE-2021-4444

HIGH

CVSS:7.3(High)

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it...

CWE-8622021

CVE-2022-20126

HIGH

CVSS:7.3(High)

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of pri...

CWE-8622022

CVE-2022-20137

HIGH

CVSS:7.3(High)

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of pr...

CWE-8622022

CVE-2022-36228

HIGH

CVSS:7.3(High)

Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.

CWE-8622022