CVE-2022-3911

Name of the Vulnerable Software and Affected Versions iubenda WordPress plugin versions prior to 3.3.3

Description The issue affects the iubenda WordPress plugin, where a lack of authorization and CSRF protection in an AJAX action, combined with insufficient validation of options to be updated, allows any authenticated user to grant themselves elevated privileges. This could include privileges such as edit plugins.

Recommendations For versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or ensuring that only trusted users have authenticated access to the system until the update can be applied.