WordPress WPCode - Insert Headers and Footers Plugin < 2.0.7 Improper Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...

CVE-2023-0328

creationtimestamp| type| source ---|---|--- 2023-03-06 16:12:44+00:00| seen| https://t.me/cibsecurity/59471 2025-03-06 16:07:10+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6688...

CVE-2023-0328

The CVE-2023-0328 entry concerns the WPCode WordPress plugin before version 2.0.7, where insufficient privilege checks exist for several AJAX actions that only validate a nonce. This can allow any authenticated user with post-editing rights to invoke WPCode Library authentication endpoints, poten...

CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

WordPress WPCode Plugin < 2.0.7 is vulnerable to Broken Access Control

Software WPCode Type Plugin Vulnerable versions 2.0.7 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0328 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ec0db54dded4 Credits Sanjay Das Required privilege Contributor...