{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2023-40200", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-08-10T11:31:18.458Z", "datePublished": "2026-06-11T07:11:29.248Z", "dateUpdated": "2026-06-11T13:52:11.680Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-06-11T07:11:29.248Z" }, "title": "WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-639", "description": "CWE-639 Authorization bypass through User-Controlled key", "type": "CWE" } ] } ], "impacts": [ { "capecId": "CAPEC-180", "descriptions": [ { "lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels" } ] } ], "affected": [ { "vendor": "Essential Plugin", "product": "WP Logo Showcase Responsive Slider and Carousel", "collectionURL": "https://wordpress.org/plugins", "packageName": "wp-logo-showcase-responsive-slider-slider", "versions": [ { "status": "affected", "version": "n/a", "lessThanOrEqual": "3.6", "changes": [ { "at": "3.7", "status": "unaffected" } ], "versionType": "custom" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6.

" } ] } ], "tags": [ "x_open-source" ], "references": [ { "url": "https://patchstack.com/database/wordpress/plugin/wp-logo-showcase-responsive-slider-slider/vulnerability/wordpress-wp-logo-showcase-responsive-slider-and-carousel-plugin-3-6-broken-access-control-vulnerability?_s_id=cve", "tags": [ "vdb-entry" ] } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } } ], "solutions": [ { "lang": "en", "value": "Update the WordPress WP Logo Showcase Responsive Slider and Carousel plugin to the latest available version (at least 3.7).", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Update the WordPress WP Logo Showcase Responsive Slider and Carousel plugin to the latest available version (at least 3.7)." } ] } ], "credits": [ { "lang": "en", "value": "Abdi Pranata | Patchstack Bug Bounty Progran", "user": "00000000-0000-4000-9000-000000000000", "type": "finder" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-06-11T13:47:38.810629Z", "id": "CVE-2023-40200", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-11T13:52:11.680Z" } } ] } }