
CVE-2023-40001 – WordPress iThemes Sync plugin <= 2.1.13 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40001
25 Aug 2023 — Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through 2.1.13. The iThemes Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.13. This is due to missing or incorrect nonce validation on the hide_authenticate_notice function. This makes it possible for unauthenticated attackers to hide admin notices via a forged request granted... • https://patchstack.com/database/wordpress/plugin/ithemes-sync/vulnerability/wordpress-ithemes-sync-plugin-2-1-13-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization