CVE-2023-2764

Name of the Vulnerable Software and Affected Versions Draw Attention plugin for WordPress versions up to, and including, 2.0.11

Description The issue allows authenticated attackers with subscriber-level permissions and above to modify data by changing the featured image of arbitrary posts using an image from the media library. This is due to a missing capability check on the ajax set featured image function.

Recommendations For Draw Attention plugin for WordPress versions up to, and including, 2.0.11, update to a version higher than 2.0.11 to resolve the issue. As a temporary workaround, consider restricting subscriber-level permissions to minimize the risk of exploitation.