6 matches found
CVE-2022-46796
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25...
CVE-2022-46796
creationtimestamp| type| source ---|---|--- 2024-12-13 14:59:15+00:00| seen| https://infosec.exchange/users/cve/statuses/113646105704402889...
CVE-2022-46796 WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability
Missing Authorization vulnerability in VillaTheme CURCY woo-multi-currency allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through = 2.1.25...
CVE-2022-46796 WordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerability
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25...
CVE-2022-46796
CVE-2022-46796 affects the WordPress CURCY plugin (VillaTheme CURCY) up to version 2.1.25. The root cause is missing/broken authorization checks enabling unauthenticated users to change plugin settings (Broken Access Control). Reported impact is unauthenticated plugin settings changes, with CVSS ...
WordPress CURCY Plugin <= 2.1.25 is vulnerable to Broken Access Control
Software CURCY Type Plugin Vulnerable versions = 2.1.25 Fixed in 2.1.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-46796 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1511c5726b64 Credits Muhammad Daffa Required privile...