1 results (0.003 seconds)
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-46606 – AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint
https://notcve.org/view.php?id=CVE-2023-46606
The AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'credits' REST API function in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to manipulate user credits when the myCred plugin is installed. • CWE-862: Missing Authorization •