3 matches found
CVE-2024-6167
creationtimestamp| type| source ---|---|--- 2024-07-09 11:49:47+00:00| seen| https://t.me/cvedetector/277...
CVE-2024-6167
The CVE-2024-6167 issue in the Just Custom Fields WordPress plugin is a missing capability check in several admin AJAX functions, enabling authenticated users with Subscriber-level access (and above) to invoke admin‑only functionality such as managing field groups and item visibility. Affected ve...
WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Broken Access Control
Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6167 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 899cda063365 Credits Francesco Carlucci Required...