The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_set_featured_image function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the featured image of arbitrary posts with an image that exists in the media library.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-09T05:33:11.613Z
Updated: 2024-08-02T06:33:05.391Z
Reserved: 2023-05-17T16:02:05.108Z
Link: CVE-2023-2764
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-09T06:16:11.573
Modified: 2023-11-07T04:13:16.620
Link: CVE-2023-2764
Redhat
No data.