10Web Map Builder for Google Maps < 1.0.74 – Missing Authorization to Notice Dismissal | CVE 2023-45272 | Plugin Vulnerabilities

Description

The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwd_bp_install_notice_status function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to dismiss installation notices.

Affects Plugins

Fixed in 1.0.74

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/63666c16-9f68-4a27-b163-4c25f0a7589e

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

54be12a0-28ac-479b-b522-1e00dd4b1aa4

Timeline

Publicly Published

2023-09-13 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2023-12-12 (about 2 years ago)

Other

Published

Title

Published

2026-04-16

Title

WP Statistics < 14.16.5 - Subscriber+ Sensitive Information Exposure and Privacy Audit Manipulation

Published

2026-02-09

Title

Business One Page < 1.3.3 - Missing Authorization

Published

2026-01-28

Title

ModelTheme Framework < 2.0.0 - Missing Authorization

Published

2024-10-24

Title

Bold Page Builder < 5.1.4 - Missing Authorization

Published

2026-03-20

Title

Canto < 3.1.2 - Missing Authorization to Unauthenticated File Upload