WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability
CVE-2022-46796
6.5MEDIUM
What is CVE-2022-46796?
The vulnerability in the VillaTheme CURCY plugin arises from a missing authorization mechanism, allowing attackers to exploit incorrectly configured access control security levels. This issue affects all versions of CURCY up to and including 2.1.25, enabling unauthorized modification of plugin settings. This can lead to potential security breaches, compromising the integrity of websites utilizing this plugin.
Affected Version(s)
CURCY <= 2.1.25