4 matches found
A vulnerability in the public_website() function of the Hostinger plugin for the WordPress content management system allows attackers to escalate their privileges.
The vulnerability in the publicwebsite function of the Hostinger plugin for the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to escalate their privileges remotely...
CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
WordPress Hostinger Plugin <= 1.9.7 is vulnerable to Broken Access Control
Software: Hostinger; Type: Plugin; Vulnerable versions: <= 1.9.7; Fixed in: 1.9.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6751; Patch priority: High; CVSS severity: High (7.3); PSID: 4fa08c339ad7; Credits: Lucio Sá; Required privilege...
PT-2023-8309 · Hostinger · Hostinger Plugin For WordPress
Name of the Vulnerable Software and Affected Versions: Hostinger plugin for WordPress versions up to, and including, 1.9.7. Description: The issue is related to the public website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a...