2 matches found
WordPress Youzify plugin <= 1.3.0 - Missing Authorization to Arbitrary (Subscriber+) Attachment Deletion vulnerability
Missing Authorization to Arbitrary Subscriber+ Attachment Deletion vulnerability discovered by Francesco Carlucci in WordPress Plugin Youzify versions = 1.3.0...
CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...