WordPress Plugin Vulnerabilities

BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read

Description

The plugin discloses the content of password protected posts to unauthenticated users via a meta tag

Proof of Concept

Affects Plugins

Plugin icon
facebook-button-plugin
Fixed in 2.74

References

CVE
CVE-2023-6250

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
6cad602b-7414-4867-8ae2-f0b846c4c8f0

Timeline

Publicly Published
2023-11-29 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2023-11-29 (about 2 years ago)

Other

Published
Title
Published
2024-06-12
Title
Download Manager < 3.2.90 - Improper Authorization via protectMediaLibrary
Published
2014-08-01
Title
portable-phpMyAdmin < 1.3.1 - Authentication Bypass
Published
2025-02-28
Title
SetSail Membership < 1.1 - Authentication Bypass
Published
2025-07-21
Title
Orion Login with SMS <= 1.0.5 - Authenticated Bypass via Weak OTP
Published
2019-10-14
Title
Popup-Maker < 1.8.13 - Multiple Vulnerabilities