CVE-2023-3325

CVE-2023-3325 : The CMS Commander plugin for WordPress (versions ≤ 2.287) has an authorization bypass caused by a non-unique cryptographic signature on cmsc_add_site, enabling unauthenticated attackers to modify the _cmsc_public_key and gain access to the plugin’s remote-control capabilities (e.g...