CVE-2024-32689 – WordPress WP Social Comments plugin <= 1.7.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32689
Missing Authorization vulnerability in GenialSouls WP Social Comments.This issue affects WP Social Comments: from n/a through 1.7.3. Vulnerabilidad de autorización faltante en GenialSouls WP Social Comments. Este problema afecta a WP Social Comments: desde n/a hasta 1.7.3. The WP Social Comments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfc_allow_comments() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to turn on comments for posts. • https://patchstack.com/database/vulnerability/gs-facebook-comments/wordpress-wp-social-comments-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •