WordPress Plugin Vulnerabilities

Accordions < 2.0.3 - Unauthenticated Arbitrary Options Update

Description

The plugin does not have any authorisation in a REST endpoint, which could allow unauthenticated users to update arbitrary WordPress options

Affects Plugins

Plugin icon
accordions-or-faqs
Fixed in 2.0.3

References

CVE
CVE-2022-33198

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
m0ze
Verified
Yes
WPVDB ID
bb97ca7f-e81a-43f3-a1fa-d780fa270793

Timeline

Publicly Published
2022-06-30 (about 3 years ago)
Added
2022-07-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2025-04-04
Title
SurveyJS < 1.12.57 - Missing Authorization
Published
2026-01-23
Title
UPI QR Code Payment Gateway for WooCommerce < 1.6.1 - Missing Authorization
Published
2024-08-12
Title
Smart Online Order for Clover < 1.5.7 - Missing Authorization
Published
2026-03-31
Title
Royal Elementor Addons < 1.7.1057 - Unauthenticated Missing Authorization
Published
2025-11-07
Title
Course Booking System < 6.1.6 - Missing Authorization to Unauthenticated Booking Data Export