7 matches found
CVE-2023-6985
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
CVE-2023-6985
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
Design/Logic Flaw
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
CVE-2023-6985 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation
The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with...
CVE-2023-6985
CVE-2023-6985 affects the WordPress plugin 10Web AI Assistant (ai-assistant-by-10web) up to version 1.0.18. The root cause is a missing capability check on the install_plugin AJAX action, allowing authenticated attackers with subscriber-level access and above to install arbitrary plugins and pote...
WordPress 10Web AI Assistant Plugin <= 1.0.18 is vulnerable to Broken Access Control
Software 10Web AI Assistant Type Plugin Vulnerable versions = 1.0.18 Fixed in 1.0.19 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6985 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 64e97c95dab3 Credits Krzysztof Zając...