CVE-2022-45813 – BeRocket Plugins <= (Various Versions) - Missing Authorization

https://notcve.org/view.php?id=CVE-2022-45813

13 Dec 2022 — Several BeRocket Plugins for WordPress are vulnerable to authorization bypass due to missing capability checks on functions corresponding to AJAX actions that are available to subscribers. This includes the close_notice, subscribe, disable_rate_notice, feature_request_send, get_plugin_error_ajax, close_notice, and test_key functions This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. One of the functions i... • CWE-862: Missing Authorization •