2 matches found
CVE-2024-0900 Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation
The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJAX in all...
WordPress Elespare Plugin <= 2.1.2 is vulnerable to Broken Access Control
Software Elespare Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0900 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f7ab94a6cab5 Credits Lucio Sá Required privilege Subscribe...