CVE-2023-39996 – WordPress Accordion and Accordion Slider plugin <= 1.2.4 - Broken Access Control

https://notcve.org/view.php?id=CVE-2023-39996

11 Aug 2023 — Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion and Accordion Slider: from n/a through 1.2.4. The Accordion and Accordion Slider plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data' nopriv_ AJAX functions in... • https://patchstack.com/database/wordpress/plugin/accordion-and-accordion-slider/vulnerability/wordpress-accordion-and-accordion-slider-plugin-1-2-4-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •