CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40679 – WordPress Master Elementor Addons plugin <= 2.0.5.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40679
22 Aug 2023 — Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3. The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized functionality access due to a missing capability check on the jltma_rest_api_action REST API action in versions up to, and including, 2.0.5.3. This makes it possible for unauthenticated attackers to invok... • https://vdp.patchstack.com/database/wordpress/plugin/master-addons/vulnerability/wordpress-master-elementor-addons-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •