121 matches found
CVE-2025-59005 WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through <= 1.0.7.5...
WordPress plugin Categorify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-36814
Name of the Vulnerable Software and Affected Versions: frenify Categorify versions n/a through 1.0.7.5 Description: A missing authorization issue exists in frenify Categorify, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update frenify...
WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Categorify versions <= 1.0.7.5...
CVE-2024-1910
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...
CVE-2024-1912
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1907
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...
CVE-2024-1652
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1649
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1909
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...
CVE-2024-1906
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...
WordPress Categorify Plugin <= 1.0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Categorify; Type: Plugin; Vulnerable versions: <= 1.0.7.4; Fixed in: 1.0.7.5; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1906; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3807b96abd23; Credits: Francesco Carlucci...
WordPress Categorify Plugin <= 1.0.7.4 is vulnerable to Broken Access Control
Software: Categorify; Type: Plugin; Vulnerable versions: <= 1.0.7.4; Fixed in: 1.0.7.5; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1649; Patch priority: Low; CVSS severity: Low (4.3); PSID: ae42a7532dc2; Credits: Francesco Carlucci; Required...
CVE-2024-0385
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Design/Logic Flaw
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-0385 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-0385
CVE-2024-0385 affects the Categorify WordPress plugin (versions up to and including 1.0.7.4). The vulnerability arises from a missing capability/authorization check within the categorifyAjaxAddCategory function, enabling authenticated users with subscriber-level access and above to modify data (a...
WordPress Plugin Categorify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...