5 matches found
CVE-2024-1710
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-1710
creationtimestamp | type | source
---|---|---
2024-02-26 17:42:24+00:00 | seen | https://t.me/ctinow/193546
2024-03-14 03:21:38+00:00 | seen | https://t.me/ctinow/207394

...
CVE-2024-1710
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress Addon Library Plugin <= 1.3.76 is vulnerable to Arbitrary File Upload
Software: Addon Library
Type: Plugin
Vulnerable versions: <= 1.3.76
Fixed in: N/A
OWASP Top 10: A1: Injection
Classification: Arbitrary File Upload
CVE: CVE-2024-1710
Patch priority: High
CVSS severity: High 9.9
PSID: b052d391256e
Credits: Lucio Sá
Required privilege: Subscriber...
CVE-2024-1710
CVE-2024-1710 pertains to WordPress Addon Library plugin where a missing capability check on the onAjaxAction function allows authenticated users with subscriber-level access (and higher) to perform several unauthorized actions, including uploading arbitrary files, across all versions up to 1.3.7...