Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

CVE-2024-1906 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

CVE-2024-1906

CVE-2024-1906 – Categorify (WordPress) CSRF in categorifyAjaxAddCategory Affects: Categorify – WordPress Media Library Category & File Manager plugin for WordPress (all versions up to 1.0.7.4).Root cause: Missing or incorrect nonce validation in categorifyAjaxAddCategory.Impact: Unauthenticated a...

CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2024-1909

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

CVE-2024-1909 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

CVE-2024-1909

The Categorify WordPress plugin (Categories/Media Library) is affected by a CSRF vulnerability (CVE-2024-1909) due to missing nonce validation in the categorifyAjaxRenameCategory path. Affected versions are up to 1.0.7.4. The issue allows unauthenticated attackers to rename categories by triggeri...

CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

CVE-2024-1907 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

CVE-2024-1653

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2024-1907

CVE-2024-1907 relates to the WordPress Categorify plugin. The connected documents confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the categorifyAjaxDeleteCategory function, affecting all versions up to and including 1.0.7.4. This allows unauthenticated attackers to...

CVE-2024-1653 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...