2 matches found
CVE-2023-3956
CVE-2023-3956 affects the InstaWP Connect WordPress plugin (versions up to and including 0.0.9.18). The vulnerability stems from a missing capability check in the events_receiver function, enabling unauthenticated attackers to add, modify, or delete posts and taxonomies, install/activate/deactiva...
WordPress InstaWP Connect Plugin <= 0.0.9.18 is vulnerable to Broken Access Control
Software InstaWP Connect Type Plugin Vulnerable versions = 0.0.9.18 Fixed in 0.0.9.19 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3956 Patch priority High CVSS severity High 9.8 Developer InstaWP PSID 2b066ee4e3c0 Credits Lana Codes Required privilege...