CVE-2023-0402

Name of the Vulnerable Software and Affected Versions Social Warfare plugin for WordPress versions up to, and including, 4.3.0

Description The issue is related to authorization bypass due to a missing capability check on several AJAX actions. This allows authenticated attackers with subscriber-level permissions and above to delete post meta information and reset network access tokens.

Recommendations For Social Warfare plugin for WordPress versions up to, and including, 4.3.0, update to a version higher than 4.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the affected AJAX actions until a patch is available.