2 matches found
CVE-2023-1979 Auth bypass in Web Stories for WordPress plugin
The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability ...
CVE-2023-1979
CVE-2023-1979 affects the Web Stories for WordPress plugin. The issue allows users with the WordPress Author role to bypass password-protection permission checks when duplicating password-protected stories in the plugin’s dashboard, exposing protected content. The vulnerability was fixed by upgra...