2 matches found
PT-2025-33736 · WordPress · Jonkastonka Cookies/Content Security Policy
Name of the Vulnerable Software and Affected Versions: jonkastonka Cookies and Content Security Policy plugin versions through 2.29 Description: Incorrect access control in the AJAX endpoint functionality allows remote attackers to cause a denial of service database server resource exhaustion via...
CVE-2023-0441
The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enab...