4 matches found
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...
CVE-2021-24752
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...
CVE-2021-24752
CVE-2021-24752 affects multiple CatchThemes plugins that fail capability and CSRF checks in the ctp_switch AJAX action. This allows any authenticated user (e.g., Subscriber) to alter plugin settings for: Essential Widgets (≤1.9), To Top (≤2.3), Header Enhancement (≤1.5), Generate Child Theme (≤1....
CVE-2021-24752 Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essential Widgets WordPress plugin before 1.9, To Top WordPress plugin before 2.3, Header Enhancement...