CVE-2023-38480 – Booster Elementor Addons <= 1.4.9 - Missing Authorization

https://notcve.org/view.php?id=CVE-2023-38480

The Booster Elementor Addons plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via nopriv AJAX actions in the ~/base/core/ajax_handler.php file in versions up to, and including, 1.4.9. This makes it possible for unauthenticated attackers to perform a variety of actions such as load the icon chooser and save active widgets and extensions. • CWE-862: Missing Authorization •