3 matches found
CVE-2023-1597
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves ...
CVE-2023-1597 tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves ...
WordPress tagDiv Cloud Library Plugin < 2.7 is vulnerable to Privilege Escalation
Software tagDiv Cloud Library Type Plugin Vulnerable versions 2.7 Fixed in 2.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2023-1597 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID d62f2f7e76e8 Credits Truoc Pha...