CVE-2023-6883

Name of the Vulnerable Software and Affected Versions Easy Social Feed plugin for WordPress versions up to, and including, 6.5.2

Description The issue allows authenticated attackers with subscriber-level access and above to perform unauthorized actions due to a missing capability check on multiple AJAX functions. This enables them to modify the plugin's Facebook and Instagram access tokens and update group IDs.

Recommendations For versions up to, and including, 6.5.2, update to a version higher than 6.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX functions until a patch is available.