CVE-2023-30488 – Featured Post Creative <= 1.2.7 - Missing Authorization via wpfp_update_featured_post

https://notcve.org/view.php?id=CVE-2023-30488

The Featured Post Creative plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfp_update_featured_post function called via a nopriv AJAX action in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to change what post is featured. • CWE-862: Missing Authorization •