cve/2023/CVE-2023-0551.md

### [CVE-2023-0551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0551)
![](https://img.shields.io/static/v1?label=Product&message=REST%20API%20TO%20MiniProgram&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)

### Description

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

### POC

#### Reference
- https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-0551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0551)`
			`![](https://img.shields.io/static/v1?label=Product&message=REST%20API%20TO%20MiniProgram&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)`

			`### Description`

			`The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/de162a46-1fdb-47b9-9a61-f12a2c655a7d`

			`#### Github`
			`No PoCs found on GitHub currently.`