CVE-2023-3053: 
WordPress vulnerability analysis and mitigation

The Page Builder by AZEXO plugin for WordPress (versions up to 1.27.133) contains a vulnerability identified as CVE-2023-3053, discovered in June 2023. The vulnerability stems from a missing capability check on the 'azhaddpost' function, which affects the plugin's authorization system (NVD, WPScan).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium) according to NIST, and 5.4 (Medium) according to Wordfence. The vulnerability exists due to improper authorization in the plugin's post creation functionality, specifically in the azhaddpost ajax action (NVD).

The vulnerability allows authenticated attackers, even those with minimal privileges such as Subscriber role, to create posts with any post type and status, bypassing intended authorization restrictions. This could potentially lead to unauthorized content creation and modification within the WordPress installation (WPScan).

The vulnerability has been addressed in subsequent versions of the plugin. Users are advised to update their Page Builder by AZEXO plugin to a version newer than 1.27.133 to mitigate this security issue (NVD).