CVE-2023-5098 – Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2023-5098
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.

The Campaign Monitor Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss_notice function in versions up to, and including, 2.5.5. This makes it possible for authenticated attackers to update arbitrary options to a value of 'true'.

• https://wpscan.com/vulnerability/3167a83c-291e-4372-a42e-d842205ba722
• CWE-862: Missing Authorization
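
A notice-dismissal AJAX handler written with the checks whose absence is reported above, for a plugin running inside WordPress. This is an added example, not the plugin's own code or its 2.5.6 fix; the action name, nonce action, notice IDs and option names are hypothetical.

```php
<?php
// Added illustration; not the plugin's code. The action name, nonce action,
// notice IDs and option names below are hypothetical.

// Fixed map from notice ID to the one option each notice may write.
// The request never supplies an option name directly.
const EXAMPLE_NOTICE_OPTIONS = array(
    'welcome'       => 'example_plugin_notice_welcome_dismissed',
    'review_prompt' => 'example_plugin_notice_review_dismissed',
);

function example_ajax_dismiss_notice() {
    // 1. CSRF: reject requests without a valid nonce for this action.
    if ( ! check_ajax_referer( 'example_dismiss_notice', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce.' ), 403 );
    }

    // 2. Authorization (the check CWE-862 refers to): wp_ajax_* hooks run
    //    for every logged-in user, subscribers included.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    // 3. Input: accept only a known notice ID.
    $notice = isset( $_POST['notice'] )
        ? sanitize_key( wp_unslash( $_POST['notice'] ) )
        : '';
    if ( ! array_key_exists( $notice, EXAMPLE_NOTICE_OPTIONS ) ) {
        wp_send_json_error( array( 'message' => 'Unknown notice.' ), 400 );
    }

    // 4. Write only the mapped option, so no request value can select
    //    a core or third-party option.
    update_option( EXAMPLE_NOTICE_OPTIONS[ $notice ], 'true' );
    wp_send_json_success();
}

// Registered for logged-in users only; no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_example_dismiss_notice', 'example_ajax_dismiss_notice' );
```

When auditing other plugins for the same class of flaw, look for `wp_ajax_` callbacks that reach `update_option()` without a `current_user_can()` check or with an option name derived from request data.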