2 matches found
CVE-2021-24788
The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user including simple subscribers can add/set/delete arbitrary categories to posts...
CVE-2021-24788
The CVE-2021-24788 entry concerns the WordPress Batch Cat plugin (versions up to 0.3). Documents explicitly state that the plugin defines three custom AJAX actions requiring authentication but accessible to all roles, allowing any authenticated user (including subscribers) to add, set, or delete ...