4 matches found
CVE-2021-4335
creationtimestamp| type| source ---|---|--- 2023-10-20 12:35:05+00:00| seen| https://t.me/cibsecurity/72648...
CVE-2021-4335 Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...
CVE-2021-4335
CVE-2021-4335 (Fancy Product Designer for WordPress) involves a broken access-control issue in versions up to 4.6.9 where multiple AJAX actions lack proper capability checks. This allows authenticated users with subscriber-level privileges to modify plugin settings, access arbitrary order informa...
WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control
Software Fancy Product Designer Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-4335 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID b0afa15cabbe Credits Ramuel Gall Required...