WordPress Plugin Vulnerabilities

Comments Like Dislike < 1.2.0 - Subscriber+ Settings Reset

Description

The plugin does not have authorisation when resetting its settings, allowing ay authenticated users, such as subscriber to reset them via the restore_settings function hooked to an AJAX action

Affects Plugins

Plugin icon
comments-like-dislike
Fixed in 1.2.0

References

CVE
CVE-2023-3244

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Hung Duong
Verified
No
WPVDB ID
bdb58f7c-0c1f-4448-a88c-8c6273d43546

Timeline

Publicly Published
2023-08-16 (about 2 years ago)
Added
2023-08-18 (about 2 years ago)
Last Updated
2023-08-22 (about 2 years ago)

Other

Published
Title
Published
2024-11-08
Title
CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change
Published
2024-06-05
Title
Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Exposure
Published
2025-07-24
Title
Frontend File Manager < 22.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Published
2024-10-24
Title
WPS Telegram Chat <= 4.6.0 - Authenticated (Subscriber+) Unauthorized Access to Telegram Bot API
Published
2024-04-09
Title
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions