121 matches found
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Cross site request forgery (csrf)
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1649
CVE-2024-1649 affects the Categorify plugin for WordPress. The vulnerability arises from a missing capability check in categorifyAjaxDeleteCategory, affecting all versions up to and including 1.0.7.4. This allows authenticated users with subscriber-level access and above to delete categories. The...
CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1650
CVE-2024-1650: WordPress Categorify plugin (up to 1.0.7.4) suffers missing authorization in categorifyAjaxRenameCategory, enabling authenticated users with subscriber+ rights to rename categories. PatchStack notes vulnerability in versions
CVE-2024-1910
The CVE concerns WordPress Categorify plugin (Categorify – WordPress Media Library Category & File Manager). Affected versions: all up to and including 1.0.7.4. Root cause: missing or incorrect nonce validation in the categorifyAjaxClearCategory function, enabling Cross-Site Request Forgery. Effe...
CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...
CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...
CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1906 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
CVE-2024-1906
CVE-2024-1906 – Categorify (WordPress) CSRF in categorifyAjaxAddCategory Affects: Categorify – WordPress Media Library Category & File Manager plugin for WordPress (all versions up to 1.0.7.4).Root cause: Missing or incorrect nonce validation in categorifyAjaxAddCategory.Impact: Unauthenticated a...
CVE-2024-1652
The CVE CVE-2024-1652 affects the Categorify – WordPress Media Library Category & File Manager plugin (versions <= 1.0.7.4). The root cause is a missing capability/authorization check in categorifyAjaxClearCategory, allowing authenticated users with subscriber-level access and above to clear c...