CVE-2023-51679 – WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2023-51679

Missing Authorization vulnerability in BulkGate BulkGate SMS Plugin for WooCommerce.This issue affects BulkGate SMS Plugin for WooCommerce: from n/a through 3.0.2. Vulnerabilidad de autorización faltante en BulkGate BulkGate SMS Plugin for WooCommerce. Este problema afecta a BulkGate SMS Plugin for WooCommerce: desde n/a hasta 3.0.2. The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save module settings among other actions. • https://patchstack.com/database/vulnerability/woosms-sms-module-for-woocommerce/wordpress-bulkgate-sms-plugin-for-woocommerce-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •