CVE-2023-1979 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-1979?

CVE-2023-1979 is a medium-severity vulnerability in the Web Stories for WordPress plugin. It allows users with the "Author" role to bypass permission checks and access password-protected content when duplicating a story. Versions up to 1.32.0 are affected. To mitigate this vulnerability, upgrade to version 1.32 or later.

Who is impacted by CVE-2023-1979?

Users with the "Author" role in WordPress using the Web Stories for WordPress plugin are impacted. Websites with plugin versions up to 1.32.0 are at risk of permission bypass when duplicating stories.

What to do if CVE-2023-1979 affected you

If you're affected by the CVE-2023-1979 vulnerability, it's crucial to take action to protect your WordPress site. Follow these simple steps to mitigate the risk:

  1. Upgrade the Web Stories for WordPress plugin to version 1.32.0 or later.

  2. Ensure your WordPress installation and other plugins are up to date.

  3. Regularly monitor for security updates and apply them promptly.

By taking these precautions, you can help safeguard your website from potential security threats.
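A check for step 1, added here as an example (it is not code from the plugin or from the advisory): it flags installs whose Web Stories version is below 1.32.0, the release named in the upgrade step. It assumes WP-CLI is available, that the plugin slug is `web-stories`, and uses a constructed inventory of site roots.

```shell
#!/bin/sh
# Added example: find WordPress sites still running Web Stories below the
# release named in the remediation step on this page.
FIXED="1.32.0"

# Succeeds (exit 0) when version $1 still needs the upgrade.
needs_upgrade() {
  nu_base="${1%%-*}"                 # strip a pre-release suffix such as -rc.1
  if [ "$nu_base" = "$FIXED" ]; then
    # A pre-release build of the fixed version is treated as not yet fixed.
    [ "$nu_base" != "$1" ]
    return
  fi
  # sort -V orders version strings; if ours sorts first, it is older.
  [ "$(printf '%s\n%s\n' "$nu_base" "$FIXED" | sort -V | head -n1)" = "$nu_base" ]
}

# Print the installed plugin version for WordPress root $1 (empty if absent).
# Assumes WP-CLI is installed and the plugin slug is "web-stories".
installed_version() {
  wp plugin get web-stories --field=version --path="$1" 2>/dev/null
}

# Read "site_root version" pairs on stdin; print the roots that need upgrading.
audit() {
  while read -r au_root au_ver; do
    [ -n "$au_ver" ] || continue     # plugin not installed on this site
    if needs_upgrade "$au_ver"; then echo "$au_root"; fi
  done
}

# Constructed sample inventory (paths and versions are illustrative only).
SAMPLE='/var/www/blog 1.31.0
/var/www/shop 1.32.0
/var/www/news 1.9.1
/var/www/beta 1.32.0-rc.1
/var/www/docs 1.33.1'

# Live use (one line per site root):
#   for r in /var/www/*; do echo "$r $(installed_version "$r")"; done | audit
printf '%s\n' "$SAMPLE" | audit
```

After upgrading, rerun the audit; an empty result means no listed site is below the fixed release.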

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1979 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It affects the Web Stories for WordPress plugin and allows users with the "Author" role to access protected content. The vulnerability was published on May 8, 2023, and the recommended action is to upgrade the plugin to version 1.32 or later.

Weakness Enumeration

This vulnerability is classified as CWE-863 (Incorrect Authorization): the Web Stories for WordPress plugin performs an authorization check, but performs it incorrectly.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
