WordPress Click To Tweet plugin <= 2.0.14 - Broken Access Control vulnerability
CVE-2023-41857
5.4 MEDIUM
Summary
A missing authorization vulnerability has been identified in the ClickToTweet plugin, which allows unauthorized access to sensitive features due to improperly configured access controls. This issue affects Click To Tweet versions up to and including 2.0.14, potentially leading to unauthorized actions that compromise the integrity of user data and content management. Users should review their security measures and update the plugin to the latest version to mitigate the risks associated with this vulnerability.
Affected Version(s)
Click To Tweet <= 2.0.14
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
thiennv (Patchstack Alliance)