CVE-2023-47661: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Dragfy Addons for Elementor plugin versions through 1.0.2. The vulnerability was discovered by Abdi Pranata and was assigned CVE-2023-47661 on November 7, 2023. The affected component is the WordPress plugin Dragfy Addons for Elementor, which contains a security flaw related to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The security issue specifically affects the save_settings function, which lacks proper capability checks, making it possible for authenticated users with subscriber-level access and above to modify the plugin's settings (WPScan).

The vulnerability allows authenticated attackers with subscriber-level access or higher to modify the plugin's settings without proper authorization. This broken access control issue could lead to unauthorized modification of data within the plugin's configuration (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects versions up to and including 1.0.2 of the Dragfy Addons for Elementor plugin (WPScan).