CVE-2022-36387 – WordPress About Me plugin <= 1.0.12 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2022-36387

25 Aug 2022 — Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. Una vulnerabilidad de Control de Acceso Roto en el plugin About Me de Alessio Caiazza versiones anteriores a 1.0.12 incluyéndola, en WordPress. The About Me plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the functions covering its AJAX actions in versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with subscriber-level permis... • https://patchstack.com/database/vulnerability/about-me/wordpress-about-me-plugin-1-0-12-broken-access-control-vulnerability/_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls CWE-862: Missing Authorization •