9 matches found
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
WordPress Royal Core plugin <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin Royal Core versions = 2.9.2...
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129 Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129
CVE-2024-12129 (Royal Core) is a WordPress plugin vulnerability affecting all versions up to 2.9.2 where a missing capability check in royal_restore_backup allows authenticated users with Subscriber+ to modify options and escalate privileges (e.g., setting the default registration role to adminis...
CVE-2024-12129 Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
PT-2025-1759 · WordPress · Royal Core
Name of the Vulnerable Software and Affected Versions: Royal Core plugin for WordPress versions up to, and including, 2.9.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability...
WordPress plugin Royal Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...