Hi @awakegal
Could you please share with us any related URL or anything that would allow us to get more details about that issue?
Currently we’re not sure what’s wrong, we would love to hear about it from the researcher.
Thank you!
I received an email from iThemes Security which said Known issues
This is the only information I have:
https://patchstack.com/database/vulnerability/ultimate-social-media-plus/wordpress-social-share-icons-social-share-buttons-plugin-3-5-7-broken-access-control?_a_id=431
https://www.cve.org/CVERecord?id=CVE-2023-38514
Hi @awakegal
Thank you for providing what you have.
Unfortunately, it does not look like these URLs contain any details about the issue, the way how to reproduce it or code examples.
We highly believe it’s a false positive of some plugin scrapper. As our plugin on purpose display some content to unauthenticated users such as sharing icons or widget.
For now, please ignore, we will contact WordFence, iTunes Security and researcher about that in order to resolve it as quick as possible.