3 matches found
CVE-2023-4213
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...
CVE-2023-4213
CVE-2023-4213 concerns the WordPress plugin Simplr Registration Form Plus+ (up to version 2.4.5). The vulnerability is an Insecure Direct Object Reference (IDOR) that lets an authenticated user with subscriber-level permissions or higher access objects controlled by the user, bypass authorization...
CVE-2023-4213 Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it...