OTWthemes Widget Manager Light Missing Authorization Vulnerability Allowing Broken Access Control
Vulnerability
A broken access control vulnerability has been identified in the OTWthemes Widget Manager Light plugin, affecting versions through 1.18. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions or changes.
Impact
Exploitation of this vulnerability could allow an unauthenticated user to perform actions or access features that require higher privileges, due to the lack of proper authorization checks.
Remediation
Users of the OTWthemes Widget Manager Light plugin are advised to apply the available virtual patch from Patchstack, which blocks attacks targeting this vulnerability. For those seeking to remove the vulnerability entirely, consider deactivating the plugin and replacing it with an alternative, as this software is likely abandoned and will not receive further updates.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.