3 matches found
CVE-2023-6878
The CVE-2023-6878 entry concerns the Slick Social Share Buttons WordPress plugin. Affected versions:
CVE-2023-6878 Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssbajaxupdate' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permission...
WordPress Slick Social Share Buttons Plugin <= 2.4.11 is vulnerable to Broken Access Control
Software Slick Social Share Buttons Type Plugin Vulnerable versions = 2.4.11 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6878 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 7c96f50fb437 Credits István Márton...