CVE-2023-3244 PoC — Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset

Associated Vulnerability
Title: Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset (CVE-2023-3244)
Description: The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: this issue was only partially patched in version 1.2.0, as the nonce is still present to subscriber-level users.
Description
This is a Proof of Concept (PoC) for CVE-2023-3244, a vulnerability in comment-like-dislike. The PoC demonstrates the exploitability of this vulnerability and serves as a reference for security researchers and developers to better understand and mitigate the risk associated with this issue.
Readme
Hello, this is a simple Proof of Concept (PoC) for the CVE-2023-3244 vulnerability found in the WordPress plugin "comments-like-dislike". The vulnerability affects plugin versions up to and including 1.2.0. 

To exploit this vulnerability, you can refer to the Python script provided. However, please note that the issue has been addressed and fixed in version 1.2.1 of the plugin.

For further information and external readings on this vulnerability, you can visit the National Vulnerability Database (NVD) website at [CVE-2023-3244](https://nvd.nist.gov/vuln/detail/CVE-2023-3244).
File Snapshot

[4.0K] /data/pocs/2cff9cbefe4b7950fdfec7cc3df19c093fc3114c
├── [ 34K] LICENSE
├── [3.1K] POC-CVE-2023-3244.py
└── [ 584] README.md

0 directories, 3 files