4 matches found
CVE-2023-2495
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
CVE-2023-2495 Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtransajaxold AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
CVE-2023-2495
CVE-2023-2495 concerns the Greeklish-permalink WordPress plugin (≤ 3.3). The vulnerability arises from missing authorization/nonce checks in the cyrtrans_ajax_old AJAX action, enabling unauthenticated and low-privilege users to trigger the plugin’s slug-changing function, directly or via CSRF. Th...
WordPress Greeklish-permalink Plugin <= 3.3 is vulnerable to Privilege Escalation
Software Greeklish-permalink Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-2495 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID fc7e9236dbd8 Credits Jonas Höbenreich Required...