3 matches found
CVE-2023-2174
The CVE-2023-2174 entry concerns the BadgeOS WordPress plugin. A missing capability check in the function delete_badgeos_log_entries allows authenticated users with subscriber-level permissions and above to modify the plugin’s data by deleting log entries. This affects BadgeOS versions up to and ...
CVE-2023-2174 BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-2174 BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...