Portfolio and Projects, CVE-2023-40200

CVE, Research URL: CVE-2023-40200
Home page URL: Security reports for Portfolio and Projects
Application: Portfolio and Projects
Published on: -
Research Description: Multiple WPOnlineSupport plugins for WordPress are vulnerable to unauthorized modification of data due to a missing capability check on the wpos_anylc_admin_init_process() function hooked via admin_init in various versions. This makes it possible for unauthenticated attackers to dismiss a license notice.
Affected versions: Min -, max 1.3.7.
Status: vulnerable