CVE-2023-0712
The CVE-2023-0712 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_move_object function allows authenticated users with subscriber-level permissions and above to bypass authorization and perform administrator-level actions (e.g., modifying the plugin’s fo...