PT-2024-14923 · WordPress · Woostify Sites Library

Krzysztof Zając · Published 2024-01-29 · Updated 2026-02-20 · CVE-2023-6279

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Woostify Sites Library WordPress plugin versions prior to 1.4.8

Description

An AJAX action in the plugin lacks an authorization check, allowing any authenticated user to update arbitrary blog options and set them to 'activated'. This could potentially lead to a Denial of Service (DoS) when a specific option name is used.

Recommendations

For versions prior to 1.4.8, update to version 1.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthorized updates to blog options.

Exploit

Fix

DoS

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-6279

Affected Products

Woostify Sites Library