3 matches found
CVE-2023-0402 Social Warfare <= 4.3.0 - Missing Authorization
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...
CVE-2023-0402
The CVE-2023-0402 entry concerns the Social Warfare plugin for WordPress (versions up to and including 4.3.0). Root cause: missing capability checks on several AJAX actions leading to an authorization bypass; affected actors with subscriber-level permissions can delete post meta and reset network...
WordPress Social Warfare Plugin <= 4.3.0 is vulnerable to Broken Access Control
Software Social Warfare Type Plugin Vulnerable versions = 4.3.0 Fixed in 4.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0402 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 18527265013d Credits Marco Wotschka Required...