4 matches found
CVE-2023-2280
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-2280
CVE-2023-2280 affects the WordPress plugin WP Directory Kit. The issue is a missing capability check in the ajax_public function, enabling unauthenticated attackers to perform data-altering actions: delete or modify plugin settings, import demo data, delete related posts/terms, and install arbitr...
CVE-2023-2280 WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...
WordPress WP Directory Kit Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2280 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 56684d930e16 Credits WordFence Required privileg...