Social Media Feather < 2.1.4 – Subscriber+ Unauthorised Action | CVE 2023-49861

Affects Plugins

Fixed in 2.1.4

References

CVE

CVE-2023-49861

URL

https://patchstack.com/database/vulnerability/social-media-feather/wordpress-social-media-feather-plugin-2-1-3-broken-access-control-vulnerability

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

94c043fa-5a08-48f7-8a5d-92df057f9e48

Timeline

Publicly Published

2023-12-07 (about 5 months ago)

Added

2023-12-12 (about 5 months ago)

Last Updated

2024-01-08 (about 4 months ago)

Other

Published

Title

Published

2024-02-26

Title

Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxUpdateFolderPosition

Published

2024-04-26

Title

Admin Bar Remover < 1.0.23 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Published

2022-11-01

Title

WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion

Published

2023-10-31

Title

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

Published

2023-01-10

Title

Royal Elementor Addons < 1.3.60 - Subscriber+ Template Kit Import