CVE-2023-47776 – WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-47776

14 Nov 2023 — Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1. The miniorange otp verification plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismiss_notice function in versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with subscriber-level acce... • https://patchstack.com/database/wordpress/plugin/miniorange-otp-verification/vulnerability/wordpress-miniorange-otp-verification-plugin-4-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •