CVE-2024-1771 – Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update

https://notcve.org/view.php?id=CVE-2024-1771

05 Mar 2024 — The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage. El tema Total para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función total_order_sections() en todas las ve... • https://themes.trac.wordpress.org/browser/total/2.1.59/inc/customizer/customizer-functions.php#L112 • CWE-862: Missing Authorization •