6 matches found
EUVD-2024-47267
Malicious code in bioql PyPI...
CVE-2024-6120
The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for authenticated attackers, with Subscriber-level access...
WordPress plugin Sparkle Demo Importer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-6120
CVE-2024-6120 affects the WordPress plugin Sparkle Demo Importer. Public details in connected docs confirm: all versions up to 1.4.7 are vulnerable due to a missing capability check in multiple functions, enabling authenticated attackers with Subscriber-level access (and above) to perform a destr...
WordPress Sparkle Demo Importer plugin <= 1.4.7 - Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability
Authenticated Post/Pages/Attachements Deletion and Demo Data Import vulnerability discovered by Lucio Sá in WordPress Plugin Sparkle Demo Importer versions = 1.4.7...
WordPress Sparkle Demo Importer Plugin <= 1.4.7 is vulnerable to Broken Access Control
Software Sparkle Demo Importer Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6120 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 65191ad4a953 Credits Lucio Sá Required...