CVE-2023-2174

Summary

CVE-2023-2174 is a vulnerability affecting the BadgeOS plugin for WordPress. This issue allows authenticated attackers, with subscriber-level permissions and above, to bypass capability checks and delete log entries through the delete_badgeos_log_entries function in versions up to 3.7.1.6. As a result, attackers can modify plugin data, potentially leading to unintended consequences or system compromises. It is strongly recommended that users of these affected versions upgrade to the latest patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.