2 matches found
CVE-2023-4728
The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...
CVE-2023-4728
CVE-2023-4728 concerns the LadiApp WordPress plugin. The issue is a missing capability check in publish_lp(), exposed via an AJAX action, allowing authenticated users with subscriber-level access or higher to modify the LadiPage key and create pages. This can enable stored XSS by pages created th...