CVE-2023-44151 – WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-44151

Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1. Vulnerabilidad de falta de autorización en Brainstorm Force Pre-Publish Checklist. Este problema afecta a Pre-Publish Checklist: desde n/a hasta 1.1.1. The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppc_meta_box_ajax_add_handler and ppc_meta_box_ajax_delete_handler functions due to missing validation on a user controlled key. This can allow authenticated attackers with contributor-level access and above to modify and delete the '_ppc_meta_key' post meta value for arbitrary posts. • https://patchstack.com/database/vulnerability/pre-publish-checklist/wordpress-pre-publish-checklist-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-862: Missing Authorization •