CVE-2023-6810

Name of the Vulnerable Software and Affected Versions ClickCease Click Fraud Protection plugin for WordPress versions up to, and including, 3.2.4

Description The issue arises from an improper capability check on the get settings function, allowing authenticated attackers with author access and above to retrieve the plugin's configured API keys. This enables unauthorized access to data.

Recommendations For versions up to, and including, 3.2.4, update to a version higher than 3.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the get settings function to prevent unauthorized retrieval of API keys.