PT-2024-15114 · WordPress · Slick Social Share Buttons

István Márton · Published 2024-01-11 · Updated 2024-01-18 · CVE-2023-6878

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Slick Social Share Buttons plugin for WordPress versions up to, and including, 2.4.11

Description

The issue allows unauthorized modification of data due to a missing capability check on the dcssb ajax update function. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the site options arbitrarily.

Recommendations

For versions up to, and including, 2.4.11, update to a version higher than 2.4.11 to resolve the issue. As a temporary workaround, consider disabling the dcssb ajax update function until a patch is available.
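
The control the description reports as missing, shown in a hardened WordPress AJAX handler. This is an added example, not the plugin's code: the `example_*` action, function and option names are hypothetical, and the nonce and allow-list steps are extra hardening beyond the capability check the advisory names.

```php
<?php
// Added illustration, not the plugin's code. All example_* names are hypothetical.

// Only these option keys may be written by this handler (hypothetical keys).
const EXAMPLE_ALLOWED_OPTIONS = array( 'example_button_order', 'example_button_style' );

// wp_ajax_{action} fires for ANY logged-in user, subscribers included,
// so registering the hook is not an authorization check by itself.
add_action( 'wp_ajax_example_update', 'example_ajax_update' );

function example_ajax_update() {
    // 1. Capability check: the control the advisory reports as missing.
    //    wp_send_json_error() sends the response and terminates the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Nonce check (additional hardening): ties the request to a form
    //    rendered for this user and terminates the request on failure.
    check_ajax_referer( 'example_update', 'nonce' );

    // 3. Allow-list the option name (additional hardening) so the handler
    //    can only ever write the plugin's own settings.
    $name = isset( $_POST['name'] ) ? sanitize_key( wp_unslash( $_POST['name'] ) ) : '';
    if ( ! in_array( $name, EXAMPLE_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    $value = isset( $_POST['value'] ) ? sanitize_text_field( wp_unslash( $_POST['value'] ) ) : '';
    update_option( $name, $value );
    wp_send_json_success( array( 'updated' => $name ) );
}
```

When reviewing other plugins for the same weakness, look for `wp_ajax_` handlers that call `update_option()` without a preceding `current_user_can()` check.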

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-6878

Affected Products

Slick Social Share Buttons