PT-2023-8309 · Hostinger · Hostinger Plugin For Wordpress

Lucio Sá · Published 2023-01-12 · Updated 2024-01-18 · CVE-2023-6751

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Hostinger plugin for WordPress versions up to, and including, 1.9.7

Description

The issue is in the publish website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a remote attacker to elevate their privileges. The vulnerability is due to a missing capability check on the publish website function, which makes it possible for unauthenticated attackers to update plugin settings, such as enabling and disabling maintenance mode.

Recommendations

For versions up to, and including, 1.9.7, update to a version that includes a fix for the missing capability check on the publish website function. As a temporary workaround, consider restricting access to the publish website function until a patch is available.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2024-00423
CVE-2023-6751

Affected Products

Hostinger Plugin For Wordpress