WordPress Plugin Vulnerabilities

YourChannel < 1.2.4 - Unauthenticated Settings Reset

Description

The plugin does not have authorisation check when reset its settings, allowing unauthenticated attackers to reset them and remove YT channels from the plugin

Affects Plugins

Plugin icon
yourchannel
Fixed in 1.2.4

References

CVE
CVE-2023-1865

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
b9918d7e-7a58-4fa1-94be-8370bbabd236

Timeline

Publicly Published
2023-04-05 (about 2 years ago)
Added
2023-04-05 (about 2 years ago)
Last Updated
2023-04-20 (about 2 years ago)

Other

Published
Title
Published
2023-07-25
Title
Ninja Forms < 3.6.26 - Contributor+ Form Entries Export
Published
2024-08-01
Title
WooCommerce PDF Vouchers < 4.9.5 - Missing Authorization
Published
2024-06-06
Title
Clever Fox – One Click Website Importer by Nayra Themes < 25.2.1 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme
Published
2026-01-27
Title
aDirectory < 3.0.4 - Missing Authorization
Published
2024-04-16
Title
Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization