CVE-2023-5251

Description

The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the grid_plus_save_layout_callback and grid_plus_delete_callback functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. CVE-2023-34014 appears to be a duplicate of this issue.