CVE-2023-3244: 
WordPress vulnerability analysis and mitigation

The Comments Like Dislike plugin for WordPress (versions up to 1.1.9) was identified with a vulnerability (CVE-2023-3244) involving unauthorized modification of data. The vulnerability was discovered by Hung Duong and publicly disclosed on August 16, 2023. The issue stems from a missing capability check in the restore_settings function that is called via an AJAX action (WPScan, NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium) according to NVD, while Wordfence assessed it at 5.3 (Medium). The technical issue revolves around the absence of proper authorization checks in the restore_settings function, which is accessible through an AJAX action. The vulnerability vector is described as CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility with low attack complexity (NVD).

The vulnerability allows authenticated attackers with minimal permissions, such as subscribers, to reset the plugin's settings to their default values. This unauthorized access to administrative functions could lead to disruption of the plugin's intended functionality and configuration (NVD).

The vulnerability has been fixed in version 1.2.0 of the Comments Like Dislike plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan).