CVE-2023-6638 – GTG Product Feed for Shopping <= 1.2.4 - Missing Authorization to Unauthenticated Plugin Settings Update

https://notcve.org/view.php?id=CVE-2023-6638

15 Dec 2023 — The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings. El complemento GTG Product Feed for Shopping para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función 'update_settings' en versiones hasta la ... • https://plugins.trac.wordpress.org/browser/gg-woo-feed/trunk/inc/Admin/Admin.php?rev=2933599#L199 • CWE-862: Missing Authorization •