Lucene search

[email protected]NVD:CVE-2023-6878

HistoryJan 11, 2024 - 9:15 a.m.

CVE-2023-6878

2024-01-1109:15:52

[email protected]

web.nvd.nist.gov

wordpress

slick social share buttons

vulnerability

data modification

capability check

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘dcssb_ajax_update’ function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily.

Affected configurations

NVD

Node

leechesnuttslick_social_share_buttonsRange≤2.4.11wordpress

References

plugins.trac.wordpress.org/browser/slick-social-share-buttons/tags/2.4.11/inc/dcwp_admin.php#L49

www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for NVD:CVE-2023-6878

cve1 prion1 cvelist1 wpvulndb1 wordfence1