A Broken Access Control vulnerability has been identified in the WordPress BetterLinks Plugin. This vulnerability could allow an unprivileged user to perform a certain higher-privileged action.
This vulnerability was discovered and responsibly reported by Nguyen Anh Tien.
The Broken Access Control flaw occurs in the betterlinks.php file. It lies in the way the plugin handles user permissions, and an attacker who exploits it can gain access to sensitive information or functionality that they would not normally have access to.
Severity:
The vulnerability has a CVSS 3.1 score of 7.3, which is rated High. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.
Affected Versions:
All versions of the BetterLinks Plugin prior to 1.6.1 are affected by this vulnerability.
Impact:
An attacker who successfully exploits this vulnerability could:
- Gain access to sensitive information or functionality that they would not normally have access to.
- Modify or delete data.
- Take control of user accounts.
Recommendation:
Users of the BetterLinks Plugin are strongly advised to update to the latest available version (at least 1.6.1) as soon as possible. This vulnerability has been fixed in version 1.6.1.
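To find installs that still need the update, the version in the plugin header can be compared against 1.6.1. The following is an added example, not code from the advisory or the plugin. It assumes the plugin lives in a directory named `betterlinks` with a standard WordPress header in `betterlinks.php`, and the sample sites it creates are constructed.

```python
import os
import re
import tempfile

FIXED = (1, 6, 1)  # first fixed release, per the advisory
# WordPress reads plugin metadata from a header comment near the top of the main file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Return the plugin header version as an int tuple, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = re.findall(r"\d+", m.group(1))[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def is_affected(version):
    """Unknown versions are reported as affected so they get a manual look."""
    return version is None or version < FIXED

def audit(root):
    """Walk root and report every betterlinks.php in a 'betterlinks' directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Assumption: the plugin directory is named after the slug 'betterlinks'.
        if os.path.basename(dirpath) == "betterlinks" and "betterlinks.php" in files:
            path = os.path.join(dirpath, "betterlinks.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read(8192))  # header is in the first 8 KiB
            findings.append((path, version, is_affected(version)))
    return sorted(findings)

def demo():
    """Constructed sample: two fake sites, one outdated and one patched."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("site-a", "1.5.9"), ("site-b", "1.6.1")):
            d = os.path.join(root, site, "wp-content", "plugins", "betterlinks")
            os.makedirs(d)
            with open(os.path.join(d, "betterlinks.php"), "w") as fh:
                fh.write(f"<?php\n/**\n * Plugin Name: BetterLinks\n * Version: {ver}\n */\n")
        return [(v, bad) for _path, v, bad in audit(root)]

if __name__ == "__main__":
    for version, affected in demo():
        print(version, "AFFECTED" if affected else "ok")
```

Point `audit()` at a web root or hosting directory to list every copy of the plugin; a header with no parseable version is flagged rather than skipped.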