2 matches found
CVE-2023-0684
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0684
The CVE refers to the Wicked Folders WordPress plugin. A missing capability check in the ajax_unassign_folders function (affecting versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions or higher to perform administrator-level actions such as changing t...