History: Jul 10, 2023 - 12:40 p.m.

CVE-2023-1597 tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation

2023-07-10 12:40:40
WPScan
www.cve.org
cve-2023-1597
unauthenticated access
arbitrary user metadata
privilege escalation
authorization bypass
cross-site request forgery
wordpress plugin

AI Score: 9 (Confidence: High)

EPSS: 0.003 (Percentile: 68.9%)

The tagDiv Cloud Library WordPress plugin before 2.7 does not perform authorisation or CSRF checks in an AJAX action accessible to both unauthenticated and authenticated users. This allows unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "tagDiv Cloud Library",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
