SUSE: Security Advisory (SUSE-SU-2023:0720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-0720

creationtimestamp| type| source ---|---|--- 2023-02-08 07:23:52+00:00| seen| https://t.me/cibsecurity/57749...

CVE-2023-0720

The CVE-2023-0720 entry concerns the Wicked Folders WordPress plugin. A missing capability check in ajax_save_folder_order in versions up to and including 2.18.16 enables authorization bypass for authenticated users with subscriber-level or higher privileges, allowing actions intended for adminis...

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0720 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID a7a279fd02cf Credits Marco Wotschka Requir...