5 matches found
CVE-2023-6751
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6751
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
CVE-2023-6751
The CVE-2023-6751 vulnerability affects the Hostinger WordPress plugin and allows unauthenticated attackers to update plugin settings by exploiting a missing capability check in publish_website. Affected versions are all up to and including 1.9.7; impact includes enabling/disabling maintenance mo...
CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...
WordPress Hostinger Plugin <= 1.9.7 is vulnerable to Broken Access Control
Software Hostinger Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6751 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 4fa08c339ad7 Credits Lucio Sá Required privilege...