3 matches found
CVE-2024-9586
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checkauth' and 'checklogout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings...
CVE-2024-9586 Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checkauth' and 'checklogout' functions in versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to update plugin settings...
WordPress Linkz.ai Plugin <= 1.1.8 is vulnerable to Broken Access Control
Software Linkz.ai Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9586 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d8f2af1c96f3 Credits István Márton Required privilege...