CVE-2024-1745 – Testimonial Slider < 2.3.7 - Author+ Settings Update

https://notcve.org/view.php?id=CVE-2024-1745

The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them. El complemento Testimonial Slider de WordPress anterior a 2.3.7 no garantiza adecuadamente que un usuario tenga las capacidades necesarias para editar ciertas configuraciones sensibles del complemento Testimonial Slider de WordPress anterior a 2.3.7, lo que hace posible que los usuarios con al menos el rol de Autor puedan editarlas. The Testimonial Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tssSettingsUpdate() function in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with author-level access and above, to update the plugin's settings. • https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598 • CWE-862: Missing Authorization •