CVE-2023-49861: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the WordPress Social Media Feather plugin affecting versions through 2.1.3. The vulnerability was reported by Abdi Pranata on August 19, 2023, and was publicly disclosed on December 7, 2023. This security issue has been assigned CVE-2023-49861 and relates to broken access control in the plugin's security levels configuration (Patchstack Database).

The vulnerability is classified as a Missing Authorization issue (CWE-862) and has been assigned a CVSS v3.1 score of 4.3 (Medium). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating that it requires low privilege access and no user interaction to exploit, with potential impact primarily on integrity (NVD).

The broken access control vulnerability could allow an unprivileged user to execute certain higher privileged actions. The specific impact varies case by case, but it primarily affects the integrity of the system with no direct impact on confidentiality or availability (Patchstack Database).

The vulnerability has been fixed in version 2.1.4 of the Social Media Feather plugin. Users are advised to update to version 2.1.4 or later immediately. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack Database).