4 matches found
CVE-2023-0713
creationtimestamp| type| source ---|---|--- 2023-02-08 00:24:20+00:00| seen| https://t.me/cibsecurity/57709...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0713 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74dfca7bfe3c Credits Marco Wotschka Requir...
CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0713
CVE-2023-0713 affects the WordPress Wicked Folders plugin. The root cause is a missing capability check on the ajax_add_folder function, enabling an authenticated user with subscriber-level permissions or higher to perform administrator-level actions (modify the plugin’s folder structure). The vu...