CVE-2023-7019
MEDIUMLightStart <= 2.6.8 - Authenticated Data Modification via Missing Capability Check
Title source: llmDescription
The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs.
References (2)
Core 2
Core References
Scores
CVSS v3
4.3
EPSS
0.0032
EPSS Percentile
24.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (2)
themeisle/lightstart
< 2.6.8
themeisle/LightStart – Maintenance Mode, Coming Soon and Landing Page Builder
< 2.6.8
Published
Jan 11, 2024
Tracked Since
Feb 18, 2026