1 results (0.004 seconds)
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0
CVE-2023-30488 – Featured Post Creative <= 1.2.7 - Missing Authorization via wpfp_update_featured_post
https://notcve.org/view.php?id=CVE-2023-30488
The Featured Post Creative plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfp_update_featured_post function called via a nopriv AJAX action in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to change what post is featured. • CWE-862: Missing Authorization •