PT-2023-16468 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save state function, allowing authenticated attackers with subscriber-level permissions and...
PT-2023-16472 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax edit folder function, allowing authenticated attackers with subscriber-level permissions an...
PT-2023-16471 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax clone folder function, allowing authenticated attackers with subscriber-level permissions a...
PT-2023-16453 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax unassign folders function, which allows authenticated attackers with subscriber-level...
PT-2023-16476 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save folder order function, which allows authenticated attackers with subscriber-level...
VulnCheck KEV: CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0712
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0718 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0718
The CVE-2023-0718 entry relates to the Wicked Folders WordPress plugin. A missing capability check in the ajax_save_folder function (affected versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions and above to perform administrator-level actions such as...
CVE-2023-0712
The CVE-2023-0712 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_move_object function allows authenticated users with subscriber-level permissions and above to bypass authorization and perform administrator-level actions (e.g., modifying the plugin’s fo...
CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0713
CVE-2023-0713 affects the WordPress Wicked Folders plugin. The root cause is a missing capability check on the ajax_add_folder function, enabling an authenticated user with subscriber-level permissions or higher to perform administrator-level actions (modify the plugin’s folder structure). The vu...
PT-2023-16469 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax move object function, allowing authenticated attackers with subscriber-level permissions an...
CVE-2023-0556
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstu_get_metadata that...