31 matches found
Exploit for Missing Authorization in Content_Mask_Project Content_Mask
CVE-2022-1203 Content Mask 1.8.4 - Subscriber+ Arbitrary...
WordPress Content Mask plugin has an unspecified vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...
CVE-2022-1203
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...
WordPress plugin Content Mask 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...
CVE-2022-1203 Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...
CVE-2022-1203
The CVE-2022-1203 issue affects the Content Mask WordPress plugin, prior to version 1.8.4.1. The root cause is missing authorization and CSRF checks in various AJAX actions, plus failure to validate the updated option belongs to the plugin, enabling any authenticated user (e.g., subscriber) to mo...
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options PoC POST /wp-admin/admin-ajax.php...
Content Mask < 1.8.4.1 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options POST /wp-admin/admin-ajax.php...
WordPress Content Mask plugin <= 1.8.4 - Arbitrary Options Update vulnerability
Arbitrary Options Update vulnerability discovered by ptsfence in WordPress Content Mask plugin versions = 1.8.4. Solution Update the WordPress Content Mask plugin to the latest available version at least 1.8.4.1...