9 matches found
CVE-2023-6279
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name...
CVE-2023-6279
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name...
Code injection
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name...
CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name...
CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name...
PT-2024-14923 · WordPress · Woostify Sites Library
Name of the Vulnerable Software and Affected Versions: Woostify Sites Library WordPress plugin versions prior to 1.4.8 Description: The issue concerns a lack of authorization in an AJAX action, allowing any authenticated users to update arbitrary blog options and set them to 'activated'. This cou...
WordPress plugin Woostify Sites Library security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
Description: The plugin does not have authorisation in an AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options and set them to 'activated', which could lead to DoS when using a specific option name. Login as subscriber, open...
WordPress Woostify Sites Library Plugin <= 1.4.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Woostify Sites Library; Type: Plugin; Vulnerable versions: <= 1.4.3; Fixed in: 1.4.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-47150; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 4828367192f4; Credits: István Márto...