A Broken Access Control vulnerability has been identified in the WordPress BetterLinks Plugin. This vulnerability could allow an unprivileged user to execute a certain higher privileged action.
This vulnerability was discovered and responsibly reported by Nguyen Anh Tien.
The vulnerability is a Broken Access Control vulnerability that occurs in the betterlinks.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user permissions to gain access to sensitive information or functionality that they would not normally have access to.
The vulnerability has a CVSS 3.1 score of 7.3, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.
All versions of the BetterLinks Plugin prior to 1.6.1 are affected by this vulnerability.
An attacker who successfully exploits this vulnerability could:
- Gain access to sensitive information or functionality that they would not normally have access to.
- Modify or delete data.
- Take control of user accounts.
Users of the BetterLinks Plugin are strongly advised to update to the latest available version (at least 1.6.1) as soon as possible. This vulnerability has been fixed in version 1.6.1.