CVE-2023-3244
published 2023-08-17


Priority: P4, 27
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EXPLOIT
EPSS: 0.79% (51.5th percentile)
The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: this issue was only partially patched in version 1.2.0, as the nonce is still present to subscriber-level users.
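The pattern that closes this class of bug, as an added example that is not the plugin's own code: a WordPress AJAX handler that checks the caller's capability before the nonce, and only issues the nonce to users who hold that capability. The action name, option key, default values, script name and the choice of manage_options are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example restore-settings handler (constructed for illustration)
 */
defined( 'ABSPATH' ) || exit;

const EXAMPLE_ACTION = 'example_restore_settings'; // hypothetical AJAX action name
const EXAMPLE_OPTION = 'example_plugin_settings';  // hypothetical option key
const EXAMPLE_CAP    = 'manage_options';           // assumed required capability

// wp_ajax_{action} runs for every logged-in user, subscribers included,
// so the handler itself has to decide who may reset the settings.
add_action( 'wp_ajax_' . EXAMPLE_ACTION, 'example_restore_settings' );

function example_restore_settings() {
	// 1. Authorization: the kind of check whose absence this CVE describes.
	//    wp_send_json_error() sends the response and ends the request.
	if ( ! current_user_can( EXAMPLE_CAP ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}
	// 2. CSRF: a nonce proves the request came from our page, not that the
	//    caller is privileged. Third argument false = return instead of die.
	if ( ! check_ajax_referer( EXAMPLE_ACTION, '_wpnonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
	}
	update_option( EXAMPLE_OPTION, example_default_settings() );
	wp_send_json_success( array( 'message' => 'Settings restored' ) );
}

function example_default_settings() {
	return array( 'like_enabled' => 1, 'dislike_enabled' => 1 ); // constructed defaults
}

// Only hand the nonce to users who pass the same capability check, so it is
// not exposed to subscriber-level users in the first place.
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );

function example_enqueue_admin_script() {
	if ( ! current_user_can( EXAMPLE_CAP ) ) {
		return;
	}
	// admin.js is a hypothetical script that POSTs action + _wpnonce.
	wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'example-admin', 'exampleAdmin', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'action'  => EXAMPLE_ACTION,
		'nonce'   => wp_create_nonce( EXAMPLE_ACTION ),
	) );
}
```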

Affected

2 ranges
Vendor          Product                 Version range   Fixed in
happy-coders    comments_like_dislike   <= 1.2.0
wphappycoders   comments_like_dislike   <= 1.1.9