5 matches found
CVE-2023-0889
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...
CVE-2023-0889 TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...
CVE-2023-0889
CVE-2023-0889 affects Themeflection Numbers WordPress plugin pre-2.0.1. The vulnerability arises from missing authorization and CSRF checks in an AJAX action and failure to verify that updated options belong to the plugin, enabling any authenticated user (e.g., Subscriber) to update arbitrary blo...
CVE-2023-0889 TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...
WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control
Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...