WordPress Plugin Vulnerabilities

Word Replacer Pro <= 1.0 - Missing Authorization

Description

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
word-replacer-ultra
No known fix

References

CVE
CVE-2023-52229
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bd31e8b0-6089-4521-a80f-e65e61ad062f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
thiennv
Verified
No
WPVDB ID
850f1084-b69a-4a12-8b25-9286c8cbf1a6

Timeline

Publicly Published
2024-01-08 (about 2 years ago)
Added
2024-01-15 (about 2 years ago)
Last Updated
2024-01-15 (about 2 years ago)

Other

Published
Title
Published
2026-05-13
Title
WP Encryption - One Click SSL & Force HTTPS < 7.8.5.11 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering
Published
2025-01-16
Title
Delete All Posts <= 1.1.1 - Missing Authorization
Published
2024-02-07
Title
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn
Published
2025-11-20
Title
UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
Published
2025-01-24
Title
Bridge Core < 3.3.1 - Missing Authorization