3 matches found
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2023-2351
The CVE-2023-2351 case concerns WP Directory Kit for WordPress. Vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...
WordPress WP Directory Kit Plugin <= 1.2.3 is vulnerable to Broken Access Control
Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2351 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID ab7cb35f6371 Credits Lana Codes Required privile...