WordPress Plugin Vulnerabilities

FeedFocal < 1.3.0 - Unauthenticated Tracking Code Update

Description

The plugin is lacking authorisation checks in its feedfocal_api_setup function, allowing unauthenticated attackers to update the Tracking Code via the feedfocal_survey_code option.

Affects Plugins

Plugin icon
feedfocal
Fixed in 1.3.0

References

CVE
CVE-2023-46609
URL
https://patchstack.com/database/vulnerability/feedfocal/wordpress-feedfocal-plugin-1-2-1-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
d3c0f783-9135-4dad-a3ae-ba3cb52c5302

Timeline

Publicly Published
2023-10-24 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-03-20 (about 2 years ago)

Other

Published
Title
Published
2024-12-14
Title
畅言评论系统 <= 2.0.5 - Missing Authorization
Published
2025-10-30
Title
Order Export & Order Import for WooCommerce < 2.6.8 - Missing Authorization
Published
2024-05-07
Title
Shared Files < 1.7.20 - Missing Authorization
Published
2026-03-05
Title
LeadConnector < 3.0.22 - Unauthenticated Rest Call
Published
2026-01-30
Title
Fitness FSE <= 1.0.6 - Missing Authorization