3 matches found
WordPress Attesa Extra Plugin <= 1.4.2 is vulnerable to Broken Access Control
Software Attesa Extra Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Access Control CVE CVE-2024-10688 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5de7d31066fa Credits Francesco...
CVE-2024-10688 Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10688 Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure
The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...