Lucene search
K

4 matches found

Patchstack
Patchstack
added 2023/03/28 12:0 a.m.14 views

WordPress WP Shamsi Plugin <= 4.3.3 is vulnerable to Arbitrary File Deletion

Software WP Shamsi Type Plugin Vulnerable versions = 4.3.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Deletion CVE CVE-2023-0335 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 28e13116883e Credits Lana Codes Required privilege...

6.5CVSS6.8AI score0.01003EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2023/03/27 3:37 p.m.55 views

CVE-2023-0335

The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...

6.5CVSS6.7AI score0.01003EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/03/27 3:37 p.m.43 views

CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.9AI score0.01003EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.7 views

CVE-2023-0335 WP Shamsi <= 4.3.3 - Subscriber+ Attachment Deletion

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment...

6.7AI score0.01003EPSS
Exploits2References1
Rows per page
Query Builder