CVE-2024-32783 – WordPress Advanced Testimonial Carousel for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-32783
Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor. This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0.

The Advanced Testimonial Carousel for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handleAjaxCalls() function in versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a plethora of actions.

• https://patchstack.com/database/vulnerability/advanced-testimonial-carousel-for-elementor/wordpress-advanced-testimonial-carousel-for-elementor-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization