Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:52 a.m.13 views

CVE-2023-2280

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

6.5CVSS6.7AI score0.00601EPSS
Exploits0References1
CVE
CVE
added 2023/06/09 5:33 a.m.57 views

CVE-2023-2280

CVE-2023-2280 affects the WordPress plugin WP Directory Kit. The issue is a missing capability check in the ajax_public function, enabling unauthenticated attackers to perform data-altering actions: delete or modify plugin settings, import demo data, delete related posts/terms, and install arbitr...

6.5CVSS5.1AI score0.00601EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.31 views

CVE-2023-2280 WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxpublic' function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to delete or change plugin...

6.5CVSS6.8AI score0.00601EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/05/04 12:0 a.m.15 views

WordPress WP Directory Kit Plugin <= 1.2.2 is vulnerable to Broken Access Control

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.2.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2280 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 56684d930e16 Credits WordFence Required privileg...

6.5CVSS6.5AI score0.00601EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder