CVE-2023-6883
Published 2024-01-11
Priority P4 · 21 · medium · 4.3 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS 0.32% · 24.1th percentile
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easysocialfeed | easy_social_feed | <= 6.5.2 | — |
| sjaved | easy_social_feed_social_photos_gallery_and_post_feed_for_wordpress | <= 6.5.2 | — |
VulDB
Easy Social Feed Plugin up to 6.5.2 on WordPress Setting authorization (ID 3012165)
vuldb·2026-04-11·CVSS 4.3
CVE-2023-6883 [MEDIUM] Easy Social Feed Plugin up to 6.5.2 on WordPress Setting authorization (ID 3012165)
A vulnerability categorized as problematic has been discovered in Easy Social Feed Plugin up to 6.5.2 on WordPress. The affected element is an unknown function of the component Setting Handler. Such manipulation leads to missing authorization.
This vulnerability is referenced as CVE-2023-6883. The attack needs to be initiated within the local network. No exploit is available.
GHSA
GHSA-m25v-grp2-qq63: The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functi
ghsa_unreviewed·2024-01-11
CVE-2023-6883 [MEDIUM] CWE-732 GHSA-m25v-grp2-qq63: The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functi
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs.
No detection rules found.
No public exploits indexed.
https://plugins.trac.wordpress.org/changeset/3012165/easy-facebook-likebox
https://www.wordfence.com/threat-intel/vulnerabilities/id/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=cve