CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2023-49192 – Enhanced Text Widget <= 1.6.3 - Missing Authorization via etw_hide_admin_notification_callback
https://notcve.org/view.php?id=CVE-2023-49192
The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etw_hide_admin_notification_callback function in versions up to, and including, 1.6.3. This makes it possible for unauthenticated attackers to hide admin notifications. • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: %CPEs: 1EXPL: 0CVE-2023-23823 – Enhanced Text Widget <= 1.5.8 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-23823
The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.5.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of this functionality. • CWE-862: Missing Authorization •