3 matches found
CVE-2023-6966 The Moneytizer <= 9.6.3 - Missing Authorization via multiple AJAX actions
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/coreajax.php file in all versions up to, and including, 9.6.3. This makes it possible for...
CVE-2023-6966
The Moneytizer WordPress plugin (The Moneytizer) is vulnerable in versions up to 9.5.20 due to a missing capability check in core_ajax.php across multiple AJAX functions. This allows authenticated users with subscriber privileges and higher to view/update billing and bank details, adjust plugin s...
CVE-2024-5609
CVE-2024-5609 is a rejected candidate; reference CVE-2023-6966 instead.