WordPress Plugin Vulnerabilities

BetterLinks < 1.6.1 - Improper Authorization to Data Import and Export

Description

The BetterLinks plugin for WordPress is vulnerable to unauthorized access and modification due to insufficient capability checks on the import_data and export_data functions in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to import and export plugin data.

Affects Plugins

Plugin icon
betterlinks
Fixed in 1.6.1

References

CVE
CVE-2023-45104
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
6.5 (Medium)

Miscellaneous

Original Researcher
Nguyen Anh Tien
Verified
No
WPVDB ID
38cb832c-79f0-4aac-a8aa-1dba69497582

Timeline

Publicly Published
2023-10-18 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2024-09-04
Title
SmartSearchWP < 2.4.6 - Unauthenticated OpenAI Key Disclosure
Published
2025-07-10
Title
Premium Age Verification / Restriction for WordPress <= 3.0.2 - Unauthenticated Arbitrary File Read/Write
Published
2021-12-28
Title
Shortcode Addons < 3.2.0 - Authenticated Arbitrary Options Update
Published
2023-02-09
Title
WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
Published
2025-12-16
Title
Ultimate Member < 2.11.1 - Authenticated (Subscriber+) Profile Privacy Setting Bypass