CVE-2023-23729
Description
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-23729 is a missing authorization vulnerability in the Spectra WordPress plugin (up to v2.3.0) allowing unprivileged users to change reCAPTCHA settings.
Vulnerability Overview
CVE-2023-23729 is a missing authorization vulnerability in the Spectra (formerly Ultimate Addons for Gutenberg) WordPress plugin, affecting versions from n/a through 2.3.0 [1]. The root cause is a failure to validate user capabilities before processing sensitive settings changes, specifically the reCAPTCHA configuration. This flaw enables unprivileged users, such as Contributor-level accounts, to alter security-critical plugin settings that should require higher privileges [1]. The vulnerability falls under the category of Broken Access Control, where missing nonce or permission checks allow unauthorized actions [1].
Attack Vector and Exploitation
The vulnerability can be exploited by any authenticated user with at least Contributor access to a WordPress site running the vulnerable plugin version. No special network position or cross-site request forgery is required, as the vulnerable functions lack proper authorization checks [1]. According to Patchstack, such vulnerabilities are often used in mass-exploit campaigns targeting thousands of sites regardless of their popularity [1]. The attack surface is significant due to the widespread use of the Spectra plugin.
Impact and Mitigation
Successful exploitation allows an attacker to modify the plugin's reCAPTCHA settings, potentially disabling or redirecting security challenges to aid further attacks like spam injection or credential harvesting [1]. While the CVSS v3.1 score is 5.4 (Medium), the practical risk is elevated by the ease of exploitation and known active use in automated attacks [1]. The vendor has released version 2.3.1, which patches the missing authorization checks [1]. Users are strongly advised to update immediately or enable automatic updates. No workarounds are reported; upgrading is the only complete mitigation.
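The missing-capability-check pattern described above, as an added illustration that is not Spectra's code and not taken from the advisory: a hypothetical WordPress plugin settings handler shown first in the unprotected form (any logged-in user can reach a wp_ajax_* action, and nothing verifies who is calling), then hardened with a nonce check and a capability check. All hook names, option names and the nonce action are assumptions; the WordPress functions used (check_ajax_referer, current_user_can, register_rest_route, update_option, wp_send_json_error) are real core APIs.

```php
<?php
// Added example, not the plugin's own code. Names prefixed "demo_" are assumptions.

// --- Unprotected pattern (the class of flaw the advisory describes) ---
// wp_ajax_{action} fires for every authenticated user, regardless of role, so
// without a capability check a Contributor can rewrite security-relevant settings.
function demo_save_recaptcha_settings_unchecked() {
    $site_key = isset( $_POST['site_key'] ) ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) ) : '';
    update_option( 'demo_recaptcha_site_key', $site_key );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_save_recaptcha_unchecked', 'demo_save_recaptcha_settings_unchecked' );

// --- Hardened pattern ---
function demo_save_recaptcha_settings() {
    // 1. CSRF: verify the nonce the settings page issued with
    //    wp_create_nonce( 'demo_recaptcha_settings' ); dies with 403 on mismatch.
    check_ajax_referer( 'demo_recaptcha_settings', 'nonce' );

    // 2. Authorization: only users allowed to manage site options may change
    //    security-critical plugin settings. Contributors do not have manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: sanitize before persisting.
    $site_key = isset( $_POST['site_key'] ) ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) ) : '';
    $secret   = isset( $_POST['secret_key'] ) ? sanitize_text_field( wp_unslash( $_POST['secret_key'] ) ) : '';

    update_option( 'demo_recaptcha_site_key', $site_key );
    update_option( 'demo_recaptcha_secret_key', $secret );
    wp_send_json_success( array( 'message' => 'Settings saved.' ) );
}
add_action( 'wp_ajax_demo_save_recaptcha', 'demo_save_recaptcha_settings' );

// --- Same rule for a REST route: authorization lives in permission_callback,
// never only inside the handler, and never '__return_true' for a write endpoint.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/recaptcha', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $req ) {
            update_option( 'demo_recaptcha_site_key', sanitize_text_field( $req->get_param( 'site_key' ) ) );
            return rest_ensure_response( array( 'saved' => true ) );
        },
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

When auditing a plugin for this bug class, enumerate every wp_ajax_*, admin_post_* and register_rest_route callback that calls update_option (or otherwise writes state) and confirm each one reaches a current_user_can check or a non-trivial permission_callback before the write; the nonce alone only defends against CSRF and says nothing about the caller's role.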
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <=2.3.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.