Lucene search
K

4 matches found

Circl
Circl
added 2023/10/20 12:35 p.m.5 views

CVE-2021-4335

creationtimestamp| type| source ---|---|--- 2023-10-20 12:35:05+00:00| seen| https://t.me/cibsecurity/72648...

6.3CVSS7.2AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.40 views

CVE-2021-4335 Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with...

6.3CVSS6.2AI score0.00401EPSS
Exploits0References2
CVE
CVE
added 2023/10/20 6:35 a.m.39 views

CVE-2021-4335

CVE-2021-4335 (Fancy Product Designer for WordPress) involves a broken access-control issue in versions up to 4.6.9 where multiple AJAX actions lack proper capability checks. This allows authenticated users with subscriber-level privileges to modify plugin settings, access arbitrary order informa...

6.3CVSS5.9AI score0.00401EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/04/06 12:0 a.m.11 views

WordPress Fancy Product Designer Plugin <= 4.6.9 is vulnerable to Broken Access Control

Software Fancy Product Designer Type Plugin Vulnerable versions = 4.6.9 Fixed in 4.7.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-4335 Patch priority High CVSS severity High 6.3 Developer Claim ownership PSID b0afa15cabbe Credits Ramuel Gall Required...

6.3CVSS6.5AI score0.00401EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder