PT-2023-5744 · WordPress · Comments Like Dislike

Henry1601 · +1 · Published 2023-08-17 · Updated 2023-09-14 · CVE-2023-3244

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Comments Like Dislike plugin for WordPress, versions up to and including 1.1.9

Description
The issue is a missing capability check on the restore settings function, which is reachable through an AJAX action. This allows authenticated attackers with minimal permissions to reset the plugin's settings, potentially affecting data integrity. The problem was reported to the WordPress plugin team 30 days prior, but no update has been released yet.

Recommendations
For versions up to and including 1.1.9, consider disabling the restore settings function until a patch is available, to prevent unauthorized modification of data. Restrict access to the AJAX action that calls the restore settings function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
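The weakness class described above is a WordPress AJAX handler that changes plugin state without first checking who is calling. The following is an added illustration written for this entry; it is not the Comments Like Dislike plugin's source, and the option name, action name, nonce action and function names (prefixed `example_`) are placeholders. It shows the weak pattern beside the hardened form that the recommendations call for: the handler is registered only under the `wp_ajax_` prefix (logged-in users), and it verifies a nonce and the `manage_options` capability before touching any data.

```php
<?php
/**
 * Hypothetical WordPress plugin code (added example, not the Comments Like
 * Dislike plugin's own source). Shows a "restore settings" AJAX handler
 * without a capability check, and the hardened form of the same handler.
 */

// Option name and nonce action are placeholders chosen for this example.
define( 'EXAMPLE_OPTION_NAME', 'example_plugin_settings' );
define( 'EXAMPLE_NONCE_ACTION', 'example_restore_settings' );

/**
 * Weak pattern: once hooked to wp_ajax_*, any authenticated user (a subscriber
 * included) can reach this, and nothing verifies the caller's permissions or
 * the request's origin before the settings are reset. Not registered below.
 */
function example_restore_settings_weak() {
    delete_option( EXAMPLE_OPTION_NAME );
    wp_send_json_success( array( 'message' => 'settings restored' ) );
}

/**
 * Hardened pattern: fail closed on a bad nonce or a missing capability
 * before any state is changed.
 */
function example_restore_settings_hardened() {
    // Nonce check ties the request to the plugin's own settings page (CSRF
    // defence). Passing false as the third argument lets us answer with JSON
    // instead of dying with a bare "-1".
    if ( ! check_ajax_referer( EXAMPLE_NONCE_ACTION, 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'invalid nonce' ), 403 );
    }

    // Capability check: only users allowed to manage options may reset them.
    // This is the check whose absence the advisory describes.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient permissions' ), 403 );
    }

    delete_option( EXAMPLE_OPTION_NAME );
    wp_send_json_success( array( 'message' => 'settings restored' ) );
}

// Register only the hardened handler, and only for authenticated users
// (wp_ajax_ prefix). wp_ajax_nopriv_ is deliberately not registered.
add_action( 'wp_ajax_example_restore_settings', 'example_restore_settings_hardened' );

/**
 * Hand the nonce to the legitimate client so its AJAX call can include it.
 * The hook suffix and script path are placeholders for this example.
 */
function example_enqueue_settings_script( $hook_suffix ) {
    if ( 'settings_page_example' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'example-settings', plugins_url( 'settings.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-settings', 'exampleSettings', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( EXAMPLE_NONCE_ACTION ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_settings_script' );
```

Two points for reviewers of similar plugins: a nonce alone is not an authorization check (any logged-in user who can load a page carrying the nonce can reuse it), so the capability check is what actually closes this weakness class; and because every such call goes through `admin-ajax.php`, web-server or WAF logs keyed on the `action` parameter give defenders a cheap way to spot unexpected low-privilege accounts invoking settings-reset actions while an unpatched version is still deployed.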

Weakness Enumeration

Missing Authorization
Improper Authorization
Incorrect Authorization

Related identifiers

BDU:2023-06416
CVE-2023-3244

Affected products

Comments Like Dislike