CVE-2023-6878: 
WordPress vulnerability analysis and mitigation

The Slick Social Share Buttons WordPress plugin (versions up to and including 2.4.11) contains a vulnerability identified as CVE-2023-6878. The vulnerability stems from a missing capability check on the 'dcssb_ajax_update' function, which allows unauthorized modification of data. This security flaw was disclosed on January 11, 2024 (NVD).

The vulnerability is characterized by a missing capability check in the plugin's functionality, specifically in the 'dcssb_ajax_update' function. The CVSS v3.1 base scores vary between sources, with NVD rating it at 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, while Wordfence assigns a higher score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows authenticated attackers with subscriber-level permissions or above to arbitrarily update site options. This could potentially lead to unauthorized modification of critical site settings and configurations (NVD).

Users should update to a version newer than 2.4.11 if available. The vulnerability affects all versions up to and including 2.4.11 of the Slick Social Share Buttons plugin (NVD).