CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28168 – WordPress WordPress Console plugin <= 0.3.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-28168
14 Mar 2023 — Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9. The WordPress Console plugin for WordPress is vulnerable to unauthorized modification of data and execution of files due to missing authorization in several files such as reload.php, complete.php, and query that is also missing direct file access controls in versions up to, and including, 0.3.9. This makes i... • https://patchstack.com/database/wordpress/plugin/wordpress-console/vulnerability/wordpress-wordpress-console-plugin-0-3-9-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •