CVE-2023-28168 – WordPress Console <= 0.3.9 - Missing Authorization via reload.php

https://notcve.org/view.php?id=CVE-2023-28168

The WordPress Console plugin for WordPress is vulnerable to unauthorized modification of data and execution of files due to missing authorization in several files such as reload.php, complete.php, and query that is also missing direct file access controls in versions up to, and including, 0.3.9. This makes it possible for unauthenticated attackers to unset the '$_SESSION['console_vars']' and '$_SESSION['partial']' variables and potentially achieve remote code execution if they can successfully exploit the type juggling weakness in query.php. • CWE-862: Missing Authorization •