cleantalk
Vulnerabilities and Security Researches

Portfolio and Projects, CVE-2023-40200

CVE, Research URL

CVE-2023-40200

Home page URL

Security reports for Portfolio and Projects

Application

Portfolio and Projects

Published on
-
Research Description
Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.
Affected versions
max 1.3.7.
Status
vulnerable
Previous vulnerability researches
F4 Post Tree (CVE-2025-22499) , Jan 14, 2025
F4 Post Tree (CVE-2023-33999) , Jun 12, 2026
F4 Post Tree (dc8292346e8ea518acc1e92aee14e1233fcd3a68) , Jun 07, 2024
New vulnerability
Divi Testimonial Plus (CVE-2023-33999) , Jun 13, 2026
Menu Image, Icons made easy (CVE-2023-33999) , Jun 13, 2026
WP News and Scrolling Widgets (CVE-2023-33999) , Jun 13, 2026
WP News and Scrolling Widgets (CVE-2023-40200) , Jun 13, 2026
Translate WordPress and go Multilingual – Weglot (CVE-2023-33999) , Jun 13, 2026