CVE-2023-0328

Name of the Vulnerable Software and Affected Versions WPCode WordPress plugin versions prior to 2.0.7

Description The issue arises from inadequate privilege checks for several AJAX actions in the WPCode WordPress plugin, where only the nonce is checked. This may allow any authenticated user who can edit posts to call endpoints related to WPCode Library authentication, such as updating and deleting the auth key.

Recommendations For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the WPCode Library authentication endpoints until the update is applied.