Vulnerabilities > CVE-2023-0402 - Unspecified vulnerability in Warfareplugins Social Warfare

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
LOW
network
low complexity
warfareplugins

Summary

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta information and reset network access tokens.

Vulnerable Configurations

Part Description Count
Application
Warfareplugins
53