CVE-2023-38383 – WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-38383

20 Jul 2023 — Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1. The Language plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/wordpress/plugin/wordpress-language/vulnerability/wordpress-wordpress-language-plugin-1-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •