CVE-2023-38513 – WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-38513
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).This issue affects Photo Engine (Media Organizer & Lightroom): from n/a through 6.2.5. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Jordy Meow Photo Engine (Media Organizer & Lightroom). Este problema afecta a Photo Engine (Media Organizer & Lightroom): desde n/a hasta 6.2.5. The Photo Engine plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.2.5. This is due to missing validation on a user controlled key within the ajax_generate_auth_token function. • https://patchstack.com/database/vulnerability/wplr-sync/wordpress-photo-engine-plugin-6-2-5-insecure-direct-object-references-idor?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •