VYPR
Medium severity4.3NVD Advisory· Published Mar 12, 2024· Updated Jun 17, 2026No known patch

CVE-2023-4626

CVE-2023-4626

Description

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WordPress/LadiAppllm-create
    Range: <=4.3
  • binhnguyenplus/LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing…v5
    Range: 4.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.