WordPress Rich Text Editor Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress Rich Text Editor plugin, specifically in versions through 1.0.1. This vulnerability arises from missing authorization checks, allowing unprivileged users to exploit incorrectly configured access control levels and perform actions reserved for higher privileges.

Impact

Exploitation of this vulnerability could allow an unprivileged user to perform actions that require higher privileges, potentially leading to unauthorized changes or access within the application.

Remediation

Users of the WordPress Rich Text Editor plugin are advised to apply the available virtual patch from Patchstack, which blocks attacks targeting this vulnerability. For those seeking to remove the vulnerability entirely, consider replacing the plugin with an alternative, as this plugin is likely abandoned and will not receive further updates.