10 matches found
CVE-2023-4153
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
EUVD-2023-54033
Malicious code in bioql PyPI...
CVE-2023-4153
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
CVE-2023-4153
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
Design/Logic Flaw
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
CVE-2023-4153
The CVE-2023-4153 entry concerns the BAN Users WordPress plugin (versions
WordPress plugin BAN Users security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress BAN Users Plugin <= 1.5.3 is vulnerable to Privilege Escalation
Software BAN Users Type Plugin Vulnerable versions = 1.5.3 Fixed in N/A OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-4153 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ec1ffb5bed37 Credits Lana Codes...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete 1 categories or 2 groups; 3 ban users; or 4 delete users via the admin page...
CVE-2008-6905
Cross-site request forgery CSRF vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete 1 categories or 2 groups; 3 ban users; or 4 delete users via the admin page...