CVE-2023-3053 MEDIUM

CVE-2023-3053: Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation

Vendor Azexo
Product Page Builder with Image Map by AZEXO
Weakness CWE-862 · Missing authorization
Published June 2, 2023
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.

Key dates

02Disclosure timeline

June 2, 2023 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-27679 Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) CVE-2025-31377 WordPress Woo Product Feed For Marketing Channels plugin <= 1.9.0 - Broken Access Control Vulnerability CVE-2024-51666 WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability CVE-2026-53818 OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback CVE-2025-32244 WordPress SEO Help plugin <= 6.7.9 - Broken Access Control vulnerability