WP Custom Admin Interface < 7.32 – Missing Authorization via wpcai_pro_notice_disable | CVE 2023-47763 | Plugin Vulnerabilities

Description

The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the wpcai_pro_notice_disable function in versions up to, and including, 7.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins.

Affects Plugins

wp-custom-admin-interface

Fixed in 7.32

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/8b040f47-b126-4640-9fc5-bda8650f6c69

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

2d066f32-5e0e-4793-92c5-730f892b84ce

Timeline

Publicly Published

2023-11-13 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2025-03-14

Title

School Management System – WPSchoolPress < 2.2.17 - Missing Authorization to Arbitrary User Deletion

Published

2026-02-17

Title

YayMail < 4.3.3 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint

Published

2023-10-25

Title

kk Star Ratings < 5.4.6 - Missing Authorization

Published

2021-10-05

Title

Perfect Survey < 1.5.2 - Unauthorised AJAX Call to Stored XSS / Survey Settings Update

Published

2024-04-25

Title

Master Addons for Elementor < 2.0.5.6 - Missing Authorization on Duplicate Post