PT-2023-22758 · Azexo · The Page Builder By Azexo

István Márton

Published

2023-06-02

Updated

2023-06-09

CVE-2023-3053

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions The Page Builder by AZEXO plugin for WordPress versions up to, and including, 1.27.133

Description The issue allows authenticated attackers to create a post with any post type and post status due to a missing capability check on the azh add post function. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 1.27.133, consider disabling the azh add post function until a patch is available to prevent unauthorized data modification.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-3053

Affected Products

The Page Builder By Azexo

PT-2023-22758 · Azexo · The Page Builder By Azexo

CVE-2023-3053

Weakness Enumeration

Related Identifiers

Affected Products

References · 6