CVE-2023-6883
Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.
El complemento Easy Social Feed para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en múltiples funciones AJAX en todas las versiones hasta la 6.5.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, realicen acciones no autorizadas, como modificar los tokens de acceso de Facebook e Instagram del complemento y actualizar las ID de grupo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-12-16 CVE Reserved
- 2024-01-02 CVE Published
- 2024-01-17 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Easysocialfeed Search vendor "Easysocialfeed" | Easy Social Feed Search vendor "Easysocialfeed" for product "Easy Social Feed" | <= 6.5.2 Search vendor "Easysocialfeed" for product "Easy Social Feed" and version " <= 6.5.2" | wordpress |
Affected
| ||||||