Lucene search
K

4 matches found

NVD
NVD
added 2023/06/09 6:16 a.m.22 views

CVE-2023-2764

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS4.4AI score0.00508EPSS
Exploits0References3
CVE
CVE
added 2023/06/09 5:33 a.m.47 views

CVE-2023-2764

The Draw Attention plugin for WordPress (CVE-2023-2764) is affected (versions up to 2.0.11). A missing capability check in ajax_set_featured_image enables authenticated users with subscriber-level permissions and above to alter the featured image of arbitrary posts using images from the media lib...

4.3CVSS4.7AI score0.00508EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/06/09 5:33 a.m.25 views

CVE-2023-2764 Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification

The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...

4.3CVSS4.7AI score0.00508EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/05/31 12:0 a.m.12 views

WordPress Draw Attention Plugin <= 2.0.11 is vulnerable to Broken Access Control

Software Draw Attention Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2764 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 38c9e02b7556 Credits Alex Thomas Required...

4.3CVSS6.8AI score0.00508EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder