CVE-2023-3052

Name of the Vulnerable Software and Affected Versions The Page Builder by AZEXO plugin for WordPress versions up to, and including, 1.27.133

Description The issue is due to missing or incorrect nonce validation on the azh add post, azh duplicate post, azh update post, and azh remove post functions. This allows unauthenticated attackers to create, modify, and delete posts via a forged request if they can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 1.27.133, update to a version that includes the fix for the missing or incorrect nonce validation in the azh add post, azh duplicate post, azh update post, and azh remove post functions. As a temporary workaround, consider restricting access to these functions until a patch is available.