4 matches found
WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion
Software WP Shamsi Type Plugin Vulnerable versions = 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...
CVE-2023-0335
The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...
CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...
CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...