CVE-2023-4213

Name of the Vulnerable Software and Affected Versions Simplr Registration Form Plus+ plugin for WordPress versions up to, and including, 2.4.5

Description The issue is related to Insecure Direct Object References, which allows user-controlled access to objects. This enables authenticated attackers with subscriber-level permissions or above to bypass authorization and access system resources, potentially changing user passwords and taking over administrator accounts.

Recommendations For versions up to, and including, 2.4.5, update to a version later than 2.4.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources and implementing additional authorization checks to minimize the risk of exploitation.