CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49192 – WordPress Enhanced Text Widget plugin <= 1.6.3 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-49192
01 Dec 2023 — Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.6.3. The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etw_hide_admin_notification_callback function in versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to hide admin notifica... • https://patchstack.com/database/wordpress/plugin/enhanced-text-widget/vulnerability/wordpress-enhanced-text-widget-plugin-1-6-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23823 – WordPress Enhanced Text Widget plugin <= 1.5.8 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-23823
30 Jun 2023 — Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8. The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.5.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to make u... • https://patchstack.com/database/wordpress/plugin/enhanced-text-widget/vulnerability/wordpress-enhanced-text-widget-plugin-1-5-7-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •