mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-04 18:08:00 +02:00
0xMarcio
952 B
952 B
CVE-2023-7019
Description
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.
POC
Reference
No PoCs from references.