CVE-2023-38483 – WordPress Instant CSS plugin <= 1.1.4 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-38483

24 Jul 2023 — Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4. The Instant CSS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via AJAX actions in the ~/classes/class.instantcss_ajax.php file in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, ... • https://patchstack.com/database/wordpress/plugin/instant-css/vulnerability/wordpress-instant-css-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •