3 matches found
WordPress WP Radio – Worldwide Online Radio Stations Directory for WordPress Plugin <= 3.1.9 is vulnerable to Broken Access Control
Software WP Radio – Worldwide Online Radio Stations Directory for WordPress Type Plugin Vulnerable versions = 3.1.9 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1042 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership...
CVE-2024-1042 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions
The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for authenticated...
CVE-2024-1042
CVE-2024-1042 affects the WP Radio plugin for WordPress (versions up to 3.1.9). Description shows unauthorized modification of data via missing capability checks on several AJAX actions, allowing authenticated users with subscriber+ privileges to import stations, remove countries, and alter plugi...