CVE-2023-6250: 
WordPress vulnerability analysis and mitigation

The BestWebSoft's Like & Share WordPress plugin before version 2.74 contains a security vulnerability identified as CVE-2023-6250. The vulnerability was discovered by Krzysztof Zając from CERT PL and was publicly disclosed on November 29, 2023. This security issue affects the facebook-button-plugin component and has been assigned a CVSS score of 5.3 (medium) (WPScan).

The vulnerability is classified as an authentication bypass (AUTHBYPASS) issue, corresponding to CWE-287 and falling under the OWASP Top 10 category A2: Broken Authentication and Session Management. The technical issue involves the plugin disclosing the content of password-protected posts to unauthenticated users through a meta tag. Specifically, the vulnerability can be exploited by viewing the source of any password-protected post and examining the og:description meta tag (WPScan).

The vulnerability allows unauthorized users to access content that should be protected by a password. This breach of access control could lead to the exposure of sensitive or private information that was intended to be restricted to authenticated users only (WPScan).

The vulnerability has been fixed in version 2.74 of the BestWebSoft's Like & Share plugin. Website administrators running affected versions should update to version 2.74 or later to protect against this security issue (WPScan).