PT-2024-13437 · WordPress · Ladiapp

Giongfnef · Published 2024-08-17 · Updated 2024-08-19 · CVE-2023-4730

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress, versions up to and including 4.3

Description: The plugin allows unauthorized modification of data because the init_endpoint() function performs no capability check. An unauthenticated attacker can therefore modify various settings, including the ladipage key, which can be used to create new posts on the website and inject malicious web scripts.

Recommendations: For versions up to and including 4.3, update to a version that includes a fix for the missing capability check in the init_endpoint() function. As a temporary workaround, consider disabling the init_endpoint() function until a patch is available. Restrict access to the ladipage key setting to minimize the risk of exploitation.
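As an added illustration (hypothetical example code, not LadiApp's own source), the pattern behind a missing capability check on a settings endpoint, shown next to its hardened form. All function, option and nonce names are assumed for the example.

```php
<?php
// Example code, not LadiApp's. Both handlers write a plugin setting from a
// POST request; only the second one checks who is asking.

// Vulnerable pattern (CWE-862 Missing Authorization): the endpoint is hooked
// for logged-out users as well, and writes the submitted value into the
// options table without any capability or nonce check. Anyone who can reach
// admin-ajax.php can change the setting.
function example_init_endpoint_vulnerable() {
    if ( isset( $_POST['example_key'] ) ) {
        update_option( 'example_key', sanitize_text_field( wp_unslash( $_POST['example_key'] ) ) );
    }
    wp_send_json_success();
}
// Deliberately NOT registered here; it is shown only for comparison:
// add_action( 'wp_ajax_example_init',        'example_init_endpoint_vulnerable' );
// add_action( 'wp_ajax_nopriv_example_init', 'example_init_endpoint_vulnerable' );

// Hardened form: require a user who holds the capability that should govern
// plugin settings, and a nonce so the request cannot be forged cross-site.
// No wp_ajax_nopriv_ hook is registered, so unauthenticated calls never
// reach the handler at all.
function example_init_endpoint_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() ends the request via wp_die(); nothing below runs.
        wp_send_json_error( 'forbidden', 403 );
    }
    // Dies with a 403 unless $_POST['nonce'] matches the 'example_init_nonce' action.
    check_ajax_referer( 'example_init_nonce', 'nonce' );

    if ( isset( $_POST['example_key'] ) ) {
        update_option( 'example_key', sanitize_text_field( wp_unslash( $_POST['example_key'] ) ) );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_init', 'example_init_endpoint_hardened' );
```

When reviewing a plugin for this bug class, look for wp_ajax_nopriv_ hooks or REST routes whose permission callback is __return_true that lead to update_option() or similar writes.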

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2023-4730

Affected Products: Ladiapp