关键信息 漏洞名称: WordPress Trusty Whistleblowing Plugin <= 1.5.2 is vulnerable to Broken Access Control 优先级: High priority 受影响版本: <= 1.5.2 修复状态: No official fix available 风险: CVE-2023-2822 - 描述: This vulnerability is highly dangerous and expected to become mass exploited. - 类型: Broken Access Control - 影响: A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. 解决方案: - Automatically mitigate vulnerabilities and keep your websites safe using Patchstack's virtual patch. 时间线: - Reported by: mfiro (Code0xffhino) on 09 May 2023 - Early warning sent out to Patchstack customers on 23 Jun 2023 - Published by Patchstack on 26 Jun 2023