WordPress Plugin Vulnerabilities

WiserNotify Social Proof < 2.6 - Missing Authorization

Description

The WiserNotify Social Proof plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the varify_api() function hooked via an AJAX action in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to trigger API verification.

Affects Plugins

Plugin icon
wiser-notify
Fixed in 2.6

References

CVE
CVE-2023-41690
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/86055b1b-23a6-4e33-8818-0af58c8e6383

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (Medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
e4807a2e-4baf-47ed-ab13-767533334b57

Timeline

Publicly Published
2023-09-04 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-03 (about 2 years ago)

Other

Published
Title
Published
2025-12-30
Title
Registration & Login with Mobile Phone Number for WooCommerce < 1.3.2 - Missing Authorization
Published
2025-03-31
Title
WP Mobile Bottom Menu < 1.4.1 - Missing Authorization
Published
2023-09-13
Title
WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update
Published
2025-09-25
Title
ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution < 4.8.4 - Insufficient Authorization to Authenticated (Editor+) Settings Update
Published
2025-10-04
Title
Export Categories <= 1.0 - Missing Authorization