CVE-2023-6878

Опубликовано: 11 янв. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 6.5

EPSS Низкий

Описание

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.

Ссылки

https://plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49
Issue Tracking
https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49
Issue Tracking
https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leechesnutt:slick_social_share_buttons:*:*:*:*:*:wordpress:*:*

Версия до 2.4.11 (включая)

EPSS

Процентиль: 44%

0.00216

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5fjw-4jww-5859

CVSS3: 8.8

github

около 2 лет назад

EPSS

Процентиль: 44%

0.00216

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo