CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40203 – WordPress MailChimp Forms by MailMunch plugin <= 3.1.4 - Broken Access Control
https://notcve.org/view.php?id=CVE-2023-40203
11 Aug 2023 — Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4. The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'delete_widget', 'change_email_status', and 'delete_email' AJAX functions in versions up to, and including, 3.1.4. This makes ... • https://patchstack.com/database/wordpress/plugin/mailchimp-forms-by-mailmunch/vulnerability/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •