WebinarIgnition < 3.05.1 – Missing Authorization to Unauthenticated Privilege Escalation | CVE 2023-51424 | Plugin Vulnerabilities

Description

The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.05.0. This makes it possible for unauthenticated attackers to escalate their privileges.

Affects Plugins

webinar-ignition

Fixed in 3.05.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/24517dc6-4995-48ee-9b02-5c7c29d359f6

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

466dd896-3e75-4d1f-abcb-0c6a38151bef

Timeline

Publicly Published

2023-12-27 (about 2 years ago)

Added

2024-01-05 (about 2 years ago)

Last Updated

2024-02-06 (about 2 years ago)

Other

Published

Title

Published

2024-01-10

Title

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Published

2026-05-05

Title

Mercado Pago payments for WooCommerce < 8.7.12 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

Published

2026-02-13

Title

Powerpack for LearnDash < 1.3.0 - Unauthenticated Arbitrary Option Update

Published

2024-05-21

Title

ApplyOnline – Application Form Builder and Manager < 2.6.3 - Missing Authorization to Sensitive Information Exposure

Published

2024-01-31

Title

Load More Anything < 3.3.4 - Subscriber+ Settings Update