13 matches found
CVE-2025-66076
Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions...
CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions...
CVE-2025-66076
The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...
WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions <= 1.6.2...
CVE-2023-6279
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
CVE-2023-6279
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
Code injection
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...
WordPress plugin Woostify Sites Library security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-14923 · WordPress · Woostify Sites Library
Name of the Vulnerable Software and Affected Versions: Woostify Sites Library WordPress plugin versions prior to 1.4.8. Description: The issue concerns a lack of authorization in an AJAX action, allowing any authenticated users to update arbitrary blog options and set them to 'activated'. This cou...
Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
Description: The plugin does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name. Login as subscriber, open...
WordPress Woostify Sites Library Plugin <= 1.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Woostify Sites Library | Type: Plugin | Vulnerable versions: <= 1.4.3 | Fixed in: 1.4.4 | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-47150 | Patch priority: Low | CVSS severity: Low (4.3) | PSID: 4828367192f4 | Credits: István Márto...