PT-2023-17297 · WordPress · Yourchannel

Marco Wotschka · Published 2023-04-05 · Updated 2023-04-11 · CVE-2023-1868

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

YourChannel plugin for WordPress versions up to, and including, 1.2.3

Description

The issue is a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter. This allows unauthenticated attackers to clear the plugin's cache, potentially leading to unauthorized loss of data.

Recommendations

For versions up to, and including, 1.2.3, consider disabling the cache clearing functionality via the yrc_clear_cache GET parameter until a patch is available. Restrict access to the cache clearing endpoint to minimize the risk of exploitation. Avoid using the yrc_clear_cache parameter in the affected API endpoint until the issue is resolved.
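To check whether the cache-clearing parameter has been requested on a site, the following added example (not part of the advisory or the plugin) scans web server access logs in combined log format. It assumes the parameter is spelled yrc_clear_cache and that PHP receives the query string; the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

PARAM = "yrc_clear_cache"  # assumption: parameter name from the advisory

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def php_param_name(name):
    """Approximate how PHP names a query variable: leading spaces are
    dropped, array suffixes ("[...]") are cut, '.' and ' ' become '_'."""
    name = name.lstrip(" ").split("[", 1)[0]
    return name.replace(".", "_").replace(" ", "_")

def find_cache_clear_requests(lines, param=PARAM):
    """Return one record per log line whose query string carries `param`
    as a parameter name (not merely as a value)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes, so encoded spellings are caught too;
        # keep_blank_values keeps a bare "?yrc_clear_cache" with no value.
        names = {php_param_name(k)
                 for k, _ in parse_qsl(query, keep_blank_values=True)}
        if param in names:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

def count_by_client(hits):
    """Number of matching requests per client address."""
    return Counter(h["ip"] for h in hits)

# Constructed sample lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2023:10:00:01 +0000] "GET /?yrc_clear_cache=1 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [05/Apr/2023:10:00:09 +0000] "GET /blog/?page=2&yrc%5Fclear%5Fcache=1 HTTP/1.1" 200 733 "-" "-"',
    '198.51.100.7 - - [05/Apr/2023:10:02:44 +0000] "GET /?yrc.clear.cache HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.8 - - [05/Apr/2023:10:03:00 +0000] "GET /?s=yrc_clear_cache HTTP/1.1" 200 901 "-" "-"',
    '203.0.113.5 - - [05/Apr/2023:10:04:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "-"',
]

if __name__ == "__main__":
    for ip, n in count_by_client(find_cache_clear_requests(SAMPLE_LOG)).items():
        print(ip, n)
```

Access logs do not show whether a request was authenticated, so each hit still needs to be compared against known administrator activity.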

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2023-1868

Affected Products: Yourchannel