CVE-2024-1108

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

CVE-2024-1108

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

Design/Logic Flaw

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

CVE-2024-1108 Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

CVE-2024-1108

CVE-2024-1108 affects the WordPress plugin Plugin Groups. Root cause: missing capability check in admin_init() for versions up to and including 2.0.6. Impact per sources: unauthenticated attackers can modify plugin settings and misconfiguration may cause denial of service. Exploitation status is ...

CVE-2024-1108 Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service

The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...

WordPress Plugin Plugin Groups Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Groups Plugin <= 2.0.6 is vulnerable to Broken Access Control

Software Plugin Groups Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1108 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8c882f834af1 Credits Francesco Carlucci Require...

Plugin Groups < 2.0.7 - Missing Authorization to Unauthenticated Denial of Service

Description The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin,...

PT-2024-16743 · WordPress · Plugin Groups

Name of the Vulnerable Software and Affected Versions: Plugin Groups plugin for WordPress versions up to, and including, 2.0.6 Description: The issue is related to a missing capability check on the admin init function, which allows unauthenticated attackers to modify the plugin's settings. This c...

New Advanced Dynamic Scan Policy Template in Nessus 8

According to Nessus 8.1.0 release notes, Tenable finally solved the problem with Mixed Plugin groups. At least partially. I will briefly describe the problem. Let's say we found out that some Nessus plugins crash our target systems. This happens rarely, but it happens. So, we decided to disable...