The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset network access tokens.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-01-19T14:07:08.694Z

Updated: 2024-08-02T05:10:55.925Z

Reserved: 2023-01-19T14:06:58.319Z

Link: CVE-2023-0402

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-19T15:15:13.813

Modified: 2024-11-21T07:37:07.237

Link: CVE-2023-0402

cve-icon Redhat

No data.