CVE-2023-2174

Name of the Vulnerable Software and Affected Versions BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6

Description The issue allows authenticated attackers with subscriber-level permissions and above to modify data by deleting the plugin's log entries due to a missing capability check on the delete badgeos log entries function. This enables them to manipulate the plugin's data without proper authorization.

Recommendations For BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6, consider disabling the delete badgeos log entries function until a patch is available to prevent unauthorized modification of data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.