Enhanced Text Widget vulnerable to unauthorized modification of data
-
Enhanced Text Widget <= 1.6.2 – Missing Authorization via etw_hide_admin_notification_callback
Wordfence Intelligence
CVSS 5.3 (Medium)
Publicly Published December 1, 2023
Last Updated December 5, 2023
Researcher Abdi Pranata
Description
The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etw_hide_admin_notification_callback function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to hide admin notifications.References
patchstack.com
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Enhanced Text Widget vulnerable to unauthorized modification of data’ is closed to new replies.
