CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF checks in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.

The tagDiv Cloud Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tdb_user_form_on_submit() function called via an AJAX action in versions prior to 2.7. This makes it possible for unauthenticated attackers to modify arbitrary user metadata and gain elevated privileges.

• https://wpscan.com/vulnerability/4eafe111-8874-4560-83ff-394abe7a803b
• CWE-862: Missing Authorization