5 matches found
CVE-2023-1414
creationtimestamp| type| source ---|---|--- 2023-04-24 22:19:36+00:00| seen| https://t.me/cibsecurity/62744 2025-02-06 02:41:37+00:00| seen| Telegram/uZR7u1f1Xy6z12pFpV72Kl5uDDeqPfNW4k-CGy1LWWK6piHs...
CVE-2023-1414
CVE-2023-1414 affects WP VR WordPress plugin prior to 8.3.0. Patchstack details indicate a Broken Access Control vulnerability requiring Subscriber privileges, allowing an authenticated user to perform arbitrary tour updates. The issue is fixed in version 8.3.0; remediation is to upgrade to 8.3.0...
CVE-2023-1414 WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours...
CVE-2023-1414 WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours...
WordPress WP VR Plugin < 8.3.0 is vulnerable to Broken Access Control
Software WP VR Type Plugin Vulnerable versions 8.3.0 Fixed in 8.3.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1414 Patch priority Medium CVSS severity Medium 4.3 Developer WPFunnels Team PSID 08ad2733ea1e Credits Erwan LR WPScan Required privilege...