CVE-2023-6878

2024-01-1109:15:52

[email protected]

web.nvd.nist.gov

wordpress

slick social share buttons

cve-2023-6878

data modification

unauthorized access

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘dcssb_ajax_update’ function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.

Affected configurations

Vulners

NVD

Node

remix4slick_social_share_buttonsRange≤2.4.11

CPENameOperatorVersion
leechesnutt:slick_social_share_buttonsleechesnutt slick social share buttonsle2.4.11

CPE	Name	Operator	Version
leechesnutt:slick_social_share_buttons	leechesnutt slick social share buttons	le	2.4.11

CNA Affected

[
  {
    "vendor": "remix4",
    "product": "Slick Social Share Buttons",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.4.11",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]