CVE-2023-28165 – Backup Bank: WordPress Backup Plugin <= 4.0.28 - Missing Authorization via post_user_feedback_backup_bank

https://notcve.org/view.php?id=CVE-2023-28165

The Backup Bank: WordPress Backup Plugin plugin for WordPress is vulnerable to unauthorized execution of an AJAX action due to a missing capability check on the post_user_feedback_backup_bank() function in versions up to, and including, 4.0.28. This makes it possible for authenticated attackers with subscriber-level access, and above, to submit plugin feedback spoofing as the identity of the site owner. • CWE-862: Missing Authorization •