9 matches found
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
WordPress Royal Core plugin <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Tonn in WordPress Plugin Royal Core versions = 2.9.2...
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129 Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-12129
CVE-2024-12129 (Royal Core) is a WordPress plugin vulnerability affecting all versions up to 2.9.2 where a missing capability check in royal_restore_backup allows authenticated users with Subscriber+ to modify options and escalate privileges (e.g., setting the default registration role to adminis...
CVE-2024-12129 Royal Core <= 2.9.2 - Authenticated (Subscriber+) Arbitrary Options Update
The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royalrestorebackup' function in all versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with...
WordPress plugin Royal Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-1759 · WordPress · Royal Core
Name of the Vulnerable Software and Affected Versions: Royal Core plugin for WordPress versions up to, and including, 2.9.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site due to a missing capability...