CVE-2024-6688 Oxygen Builder <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update

The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxysavecssfromadmin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and...

WordPress Oxygen Builder plugin <= 4.8.3 - Missing Authorization to Authenticated (Subscriber+) Stylesheet Update vulnerability

Missing Authorization to Authenticated Subscriber+ Stylesheet Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Oxygen Builder versions = 4.8.3...