WordPress Plugin Vulnerabilities

Click To Tweet <= 2.0.14 - Missing Authorization

Description

The Click To Tweet plugin for WordPress is vulnerable to unauthorized access, loss or modification of data due to a missing capability check on one of its functions in versions up to, and including, 2.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality.

Affects Plugins

Plugin icon
click-to-tweet
No known fix

References

CVE
CVE-2023-41857
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
80466d9f-e6e9-4932-a099-c12ba5b5d873

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2025-01-30
Title
Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
Published
2023-12-06
Title
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_global_value)
Published
2026-01-05
Title
Quiz and Survey Master (QSM) < 10.3.2 - Missing Authorization to Unpublished, Private And Password-Protected Quiz Information Disclosure And Image Response Uploads
Published
2026-01-12
Title
xSmart <= 1.2.9.4 - Missing Authorization
Published
2021-08-16
Title
Opal Estate <= 1.6.11 - Missing Authorization