wpvulndb WPVDB-ID:5DE1C34B-0D16-4B55-86B6-23F5D4E77A49
History: Jan 03, 2024 - 12:00 a.m.

Easy Social Feed < 6.5.3 - Subscriber+ Settings Update

2024-01-03 00:00:00
wpscan.com
plugin
vulnerability
unauthorized access
data modification
capability check
ajax functions
facebook
instagram
access tokens
group ids

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 14.0%)

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin’s Facebook and Instagram access tokens and updating group IDs.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
|  |  | eq | 6.5.3 |
