3 matches found
CVE-2024-10786
creationtimestamp| type| source ---|---|--- 2024-11-16 02:30:56+00:00| seen| https://infosec.exchange/users/cve/statuses/113490280837505655 2024-11-16 05:12:10+00:00| seen| https://t.me/cvedetector/11202...
CVE-2024-10786 Simple Local Avatars <= 2.7.11 - Missing Authorization to Authenticated (Subscriber+) User Cache Clearing
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of datadue to a missing capability check on the slaclearusercache function in all versions up to, and including, 2.7.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Simple Local Avatars Plugin <= 2.7.11 is vulnerable to Broken Access Control
Software Simple Local Avatars Type Plugin Vulnerable versions = 2.7.11 Fixed in 2.8.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10786 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 717b24faeea4 Credits Trương Hữu Phúc...