3 matches found
CVE-2023-2556
CVE-2023-2556 involves the WPCS – WordPress Currency Switcher Professional plugin for WordPress (≤ 1.1.9). The vulnerability is a missing capability check in the wpcs_sd_delete action, enabling authenticated users with subscriber-level permissions and above to delete an arbitrary custom drop-down...
CVE-2023-2556 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcssddelete action in versions up to, and including, 1.1.9. This makes it possible for authenticated...
WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control
Software WPCS Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2556 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 05cf802e36e5 Credits Alex Thomas Required privilege...