CVE-2023-6731
WP Show Posts <= 1.1.5 - Improper Authorization to Information ExposureThe WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view arbitrary post metadata, list posts, and view terms and taxonomies.
We have discovered 7,064 live websites that are affected by CVE-2023-6731.
Affected Software
| Product |  Wp Show Posts |
| Category | Wordpress Plugins |
| Vulnerable Domains | 7,064 live websites (21% of Wp Show Posts install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 5 versions ( 71% of all versions) |
Common Weakness Enumeration
CWE-285 Improper AuthorizationDetails
- Published - May 2, 2024
- Updated - Apr 8, 2026
Credits
- Lucio Sá (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-6731 United States | 2,139 websites |
 Japan | 891 websites |
 Canada | 576 websites |
 Germany | 436 websites |
 Spain | 387 websites |
 France | 353 websites |
 Australia | 346 websites |
 Italy | 169 websites |
 GB | 167 websites |
 Russia | 131 websites |
Website Distribution by TLD
Number of websites using CVE-2023-6731| .com | 3,109 websites |
| .org | 551 websites |
| .com.au | 345 websites |
| .net | 277 websites |
| .de | 243 websites |
| .jp | 194 websites |
| .es | 172 websites |
| .fr | 141 websites |
| .co.jp | 133 websites |
| .it | 125 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6731
Top websites that are affected by CVE-2023-6731. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********************.com | United States | *,*** | |
| ******.net | United States | **,*** | |
| **************.com | United States | **,*** | |
| ********************.com | United States | **,*** | |
| *****************.com | United States | ***,*** | |
| **********.cl |  Chile | ***,*** | |
| *************.jp | Japan | ***,*** | |
| **********.com | United States | ***,*** | |
| ********.com | United States | ***,*** | |
| ******.com | United States | ***,*** |
FAQ
CVE-2023-6731 is Improper Authorization in Wp Show Posts
A total of 7,064 websites have been identified as vulnerable to CVE-2023-6731, based on global website indexing conducted by WebTechSurvey.
The Wp Show Posts is affected by the CVE-2023-6731 vulnerability.
Wp Show Posts versions up to and including 1.1.5 are vulnerable to CVE-2023-6731.