WordPress Plugin Vulnerabilities

Protected Posts Logout Button < 1.4.6 - Missing Authorization

Description

The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them

Affects Plugins

Plugin icon
protected-posts-logout-button
Fixed in 1.4.6

References

CVE
CVE-2023-25454

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
f2d50688-eee7-4c7f-8b9a-2a4f9dc8d3a6

Timeline

Publicly Published
2023-02-16 (about 3 years ago)
Added
2023-06-14 (about 2 years ago)
Last Updated
2023-06-14 (about 2 years ago)

Other

Published
Title
Published
2024-06-06
Title
Copymatic – AI Content Writer & Generator < 2.0 - Missing Authorization
Published
2025-11-10
Title
Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
Published
2023-10-19
Title
Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions
Published
2025-04-09
Title
Rich Table of Contents < 1.4.1 - Missing Authorization
Published
2025-02-14
Title
Distance Based Shipping Calculator < 2.0.23 - Missing Authorization