Lucene search
K

5 matches found

NVD
NVD
added 2023/04/17 1:15 p.m.18 views

CVE-2023-0889

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.5CVSS6.4AI score0.00301EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/04/17 12:17 p.m.27 views

CVE-2023-0889 TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.6AI score0.00301EPSS
Exploits2References1
CVE
CVE
added 2023/04/17 12:17 p.m.53 views

CVE-2023-0889

CVE-2023-0889 affects Themeflection Numbers WordPress plugin pre-2.0.1. The vulnerability arises from missing authorization and CSRF checks in an AJAX action and failure to verify that updated options belong to the plugin, enabling any authenticated user (e.g., Subscriber) to update arbitrary blo...

6.5CVSS6.7AI score0.00301EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/17 12:17 p.m.6 views

CVE-2023-0889 TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.4AI score0.00301EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/03/30 12:0 a.m.9 views

WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control

Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...

6.5CVSS6.4AI score0.00301EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder