Exploit for Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints (CVE-2023-32117)
Description:
The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.