CVE-2023-47776 – miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice

https://notcve.org/view.php?id=CVE-2023-47776

The miniorange otp verification plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismiss_notice function in versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins. • CWE-862: Missing Authorization •