WordPress Plugin Vulnerabilities

illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion

Description

The plugin lacks proper access controls, allowing unauthenticated visitors to delete links.

Proof of Concept

Affects Plugins

Plugin icon
link-party
No known fix

References

CVE
CVE-2023-7231

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
797692ce-f355-4d4a-af01-4bd9abc60a34

Timeline

Publicly Published
2024-01-23 (about 1 year ago)
Added
2024-01-23 (about 1 year ago)
Last Updated
2024-01-23 (about 1 year ago)

Other

Published
Title
Published
2024-04-29
Title
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Published
2024-09-25
Title
Jupiter X Core < 4.7.8 - Limited Unauthenticated Authentication Bypass to Account Takeover
Published
2021-10-01
Title
Stripe For WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking
Published
2021-10-18
Title
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
Published
2021-06-18
Title
404 to 301 < 3.0.8 - Broken Access Control