5 matches found
CVE-2023-4023
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger...
CVE-2023-4023
creationtimestamp| type| source ---|---|--- 2023-08-30 18:12:44+00:00| seen| https://t.me/cibsecurity/69452...
CVE-2023-4023 All Users Messenger <= 1.24 - Subscriber+ Message Deletion via IDOR
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger...
CVE-2023-4023
CVE-2023-4023 – All Users Messenger (WordPress) vulnerability : The All Users Messenger plugin (≤1.24) allows non-administrator users with Subscriber privileges to delete messages due to missing access control (IDOR). Descriptions across connected sources confirm the issue as a broken-access-cont...
WordPress All Users Messenger Plugin <= 1.24 is vulnerable to Broken Access Control
Software All Users Messenger Type Plugin Vulnerable versions = 1.24 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4023 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db4d05aa5b71 Credits Dmitrii Ignatyev Required...