3 matches found
CVE-2021-4448
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...
CVE-2021-4448 Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...
CVE-2021-4448
Summary (CVE-2021-4448) Kaswara Modern VC Addons for WordPress is affected up to version 3.0.1 by an authorization bypass due to insufficient capability checks on multiple AJAX actions. This allows unauthenticated attackers to perform unauthorized actions such as importing data and uploading or d...