4 matches found
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-2764
The Draw Attention plugin for WordPress (CVE-2023-2764) is affected (versions up to 2.0.11). A missing capability check in ajax_set_featured_image enables authenticated users with subscriber-level permissions and above to alter the featured image of arbitrary posts using images from the media lib...
CVE-2023-2764 Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
WordPress Draw Attention Plugin <= 2.0.11 is vulnerable to Broken Access Control
Software Draw Attention Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2764 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 38c9e02b7556 Credits Alex Thomas Required...