Security Advisory

CVE-2023-6066

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-15 15:10:43

Last updated 2026-01-09 21:02:03

Assigner WPScan

State PUBLISHED

Description

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

← Browse all CVEs View on cve.org ↗