3 matches found
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0719 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 51b001d8b150 Credits Marco Wotschka Requir...
CVE-2023-0719
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavesortorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0719
Summary (CVE-2023-0719) : The Wicked Folders WordPress plugin (versions ≤ 2.18.16) is vulnerable to broken access control due to a missing capability check in the ajax_save_sort_order function. This allows authenticated users with subscriber-level permissions and above to invoke administrator-lev...