14 matches found
CVE-2023-0958
creationtimestamp| type| source ---|---|--- 2023-07-28 12:29:34+00:00| seen| https://t.me/cibsecurity/67370...
CVE-2023-0958
CVE-2023-0958 affects WordPress plugins developed by Inisev that expose an inisev_installation AJAX action. The root cause is a missing capability check in the handle_installation function, enabling an authenticated attacker with minimal privileges (e.g., a subscriber) to install select Inisev pl...
CVE-2023-0958 Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function
Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handleinstallation function that is called via the inisevinstallation AJAX aciton in various versions. This makes it possible for authenticated attackers with...
WordPress Clone Plugin <= 2.3.7 is vulnerable to Broken Access Control
Software Clone Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 17cafe8314cd Credits WordFence Required privilege Subscriber...
WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Broken Access Control
Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 09b1cc5d23e4 Credits WordFence Required...
WordPress Duplicate Post Plugin <= 1.3.9 is vulnerable to Broken Access Control
Software Duplicate Post Type Plugin Vulnerable versions = 1.3.9 Fixed in 1.4.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c8c2c9580bd9 Credits WordFence Required privilege...
WordPress SSL Mixed Content Fix Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f6d89bad3ca9 Credits WordFence Required...
WordPress Social Share Icons & Social Share Buttons Plugin <= 3.5.7 is vulnerable to Broken Access Control
Software Social Share Icons & Social Share Buttons Type Plugin Vulnerable versions = 3.5.7 Fixed in 3.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 70d3b475ed6b Credits...
WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 805c41b36a96 Credits WordFence Required...
WordPress RSS Redirect & Feedburner Alternative Plugin <= 3.7 is vulnerable to Broken Access Control
Software RSS Redirect & Feedburner Alternative Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6e5bdc6d7d15 Credits WordFence...
WordPress Pop-up Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software Pop-up Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6c527b0974ca Credits WordFence Required privilege Subscriber...
WordPress Backup Migration Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software Backup Migration Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3aab82cdff1 Credits WordFence Required privilege...
WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Broken Access Control
Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 65c113fe970b Credits WordFence Required...
WordPress Enhanced Text Widget Plugin <= 1.5.7 is vulnerable to Broken Access Control
Software Enhanced Text Widget Type Plugin Vulnerable versions = 1.5.7 Fixed in 1.5.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0958 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2f1a0df14a11 Credits WordFence Required...