{"vulnerability": "CVE-2023-0328", "sightings": [{"uuid": "d32c47fd-da19-4c4f-874b-181cd0560613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0328", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/6688", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-0328\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).\n\ud83d\udccf Published: 2023-03-06T13:33:58.773Z\n\ud83d\udccf Modified: 2025-03-06T15:14:23.559Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/3c4318a9-a3c5-409b-a52e-edd8583c3c43", "creation_timestamp": "2025-03-06T16:07:10.000000Z"}, {"uuid": "62814a61-4797-4b48-bf31-eba1a9bb4172", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0328", "type": "seen", "source": "https://t.me/cibsecurity/59471", "content": "\u203c CVE-2023-0328 \u203c\n\nThe WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-06T16:12:44.000000Z"}]}