Data Modification Vulnerability in GTG Product Feed for Shopping Plugin by WordPress
CVE-2023-6638
5.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 11 January 2024
What is CVE-2023-6638?
The GTG Product Feed for Shopping plugin for WordPress has a security issue that allows unauthorized users to modify settings. Due to a missing capability check in the 'update_settings' function, attackers can exploit this vulnerability in versions up to and including 1.2.4 to change plugin configurations without authentication, potentially compromising site integrity and functionality.
Affected Version(s)
GG Woo Feed for WooCommerce Shopping Feed on Google Facebook and Other Channels * <= 1.2.4