3 matches found
CVE-2024-10092
creationtimestamp| type| source ---|---|--- 2024-10-26 10:38:28+00:00| seen| https://t.me/cvedetector/9019...
CVE-2024-10092 Download Monitor <= 5.0.12 - Missing Authorization to API Key Manipulation
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandleapikeyactions function in all versions up to, and including, 5.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Download Monitor Plugin <= 5.0.12 is vulnerable to Broken Access Control
Software Download Monitor Type Plugin Vulnerable versions = 5.0.12 Fixed in 5.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10092 Patch priority Low CVSS severity Low 5.4 Developer WPChill PSID 47be9fcd45fd Credits Trương Hữu Phúc truonghuuphuc...