Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2023/02/08 1:11 a.m.11 views

CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS6.6AI score0.00576EPSS
Exploits0References3
CVE
CVE
added 2023/02/08 1:11 a.m.56 views

CVE-2023-0715

CVE-2023-0715 affects the WordPress plugin Wicked Folders up to version 2.18.16 . The root cause is a missing capability check in the ajax_clone_folder function, enabling authenticated users with subscriber-level permissions and above to perform administrator-level actions, such as modifying the ...

5.4CVSS4.7AI score0.00576EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/02/08 1:11 a.m.30 views

CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS5.5AI score0.00576EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.22 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0715 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID bf9e7164b8aa Credits Marco Wotschka Requir...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder