5 matches found
CVE-2023-7268
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...
CVE-2023-7268 ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...
CVE-2023-7268 ArtPlacer Widget < 2.21.2 - Subscriber+ Arbitrary Widget Deletion
The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets...
CVE-2023-7268
The CVE concerns the ArtPlacer Widget WordPress plugin before version 2.21.2, which has no authorization check when deleting widgets. This vulnerability allows any authenticated user (e.g., a subscriber) to delete arbitrary widgets, representing a potential access control issue. Affected software...
WordPress ArtPlacer Widget Plugin < 2.21.2 is vulnerable to Broken Access Control
Software ArtPlacer Widget Type Plugin Vulnerable versions 2.21.2 Fixed in 2.21.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-7268 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 225caa001d36 Credits Bob Matyas Required privilege...