Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.12 views

CVE-2023-6985

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

8.8CVSS6.7AI score0.01365EPSS
Exploits1References1
NVD
NVD
added 2024/02/05 10:15 p.m.36 views

CVE-2023-6985

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

8.8CVSS7AI score0.01365EPSS
Exploits1References2
Prion
Prion
added 2024/02/05 10:15 p.m.31 views

Design/Logic Flaw

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

6.5CVSS7.3AI score0.01365EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/05 9:21 p.m.22 views

CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

6.5CVSS7.3AI score0.01365EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.40 views

CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation

The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...

6.5CVSS8.7AI score0.01365EPSS
Exploits1References2
CVE
CVE
added 2024/02/05 9:21 p.m.75 views

CVE-2023-6985

CVE-2023-6985 affects the WordPress plugin 10Web AI Assistant (ai-assistant-by-10web) up to version 1.0.18. The root cause is a missing capability check on the install_plugin AJAX action, allowing authenticated attackers with subscriber-level access and above to install arbitrary plugins and pote...

8.8CVSS8.8AI score0.01365EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/01/26 12:0 a.m.16 views

WordPress 10Web AI Assistant Plugin <= 1.0.18 is vulnerable to Broken Access Control

Software 10Web AI Assistant Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6985 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64e97c95dab3 Credits Krzysztof Zając...

8.8CVSS6.4AI score0.01365EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder