CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

WordPress Draw Attention Plugin <= 2.0.15 is vulnerable to Broken Access Control

Software Draw Attention Type Plugin Vulnerable versions = 2.0.15 Fixed in 2.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46616 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13d4f142d807 Credits thiennv Required privilege...

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

CVE-2023-2764

The Draw Attention plugin for WordPress (CVE-2023-2764) is affected (versions up to 2.0.11). A missing capability check in ajax_set_featured_image enables authenticated users with subscriber-level permissions and above to alter the featured image of arbitrary posts using images from the media lib...

PT-2023-21275 · WordPress · Draw Attention

Name of the Vulnerable Software and Affected Versions: Draw Attention plugin for WordPress versions up to, and including, 2.0.11 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by changing the featured image of arbitrary posts using...

WordPress Plugin Draw Attention 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Draw Attention Plugin <= 2.0.11 is vulnerable to Broken Access Control

Software Draw Attention Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2764 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 38c9e02b7556 Credits Alex Thomas Required...