4 matches found
CVE-2023-4600
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-30 16:12:14+00:00 | seen | https://t.me/cibsecurity/69419... |
CVE-2023-4600
AffiliateWP for WordPress (CVE-2023-4600) is affected up to version 2.14.0 and can be exploited by authenticated users with subscriber-level access to activate arbitrary plugins due to a missing capability check in affwp_activate_addons_page_plugin invoked via AJAX. Evidence from multiple sources...
CVE-2023-4600
The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...
WordPress AffiliateWP Plugin 2.14.0 is vulnerable to Broken Access Control
| Field | Value |
|---|---|
| Software | AffiliateWP |
| Type | Plugin |
| Vulnerable versions | 2.14.0 |
| Fixed in | 2.14.1 |
| OWASP Top 10 | A5: Broken Access Control |
| Classification | Broken Access Control |
| CVE | CVE-2023-4600 |
| Patch priority | Low |
| CVSS severity | Low 4.3 |
| PSID | 02e3f82aa1f5 |
| Credits | István Márton |

Required privilege...