CVE-2023-49193: 
WordPress vulnerability analysis and mitigation

The Social Pug WordPress plugin (versions through 1.30.0) contains a Missing Authorization vulnerability identified as CVE-2023-49193. The vulnerability was discovered by Abdi Pranata and publicly disclosed on December 1, 2023. This security issue affects the plugin's access control mechanisms, potentially allowing unauthorized access to certain functionalities (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that occurs due to missing capability checks on multiple functions that run on admin_init. The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (WPScan).

The vulnerability allows unauthenticated attackers to update the database and execute certain higher privileged actions due to broken access control mechanisms. This could lead to unauthorized modification of data within the WordPress installation (Patchstack).

Website administrators are advised to update to Social Pug version 1.30.1 or later, which contains the fix for this vulnerability. For temporary mitigation, Patchstack has issued a virtual patch to block potential attacks until the update can be applied (Patchstack).