3 matches found
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...
CVE-2023-2547
CVE-2023-2547 concerns the Feather Login Page WordPress plugin. A missing capability check in the plugin’s deleteUser path (versions 1.0.7 through 1.1.1) allows authenticated users with subscriber-level permissions and above to delete the plugin’s temporary users, constituting a broken access con...
WordPress Feather Login Page Plugin 1.0.7-1.1.1 is vulnerable to Broken Access Control
Software Feather Login Page Type Plugin Vulnerable versions 1.0.7-1.1.1 Fixed in 1.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2547 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 3a04b33e4415 Credits Lana Codes Requir...