3 matches found
CVE-2024-1108
The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admininit function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can...
CVE-2024-1108
CVE-2024-1108 affects the WordPress plugin Plugin Groups. Root cause: missing capability check in admin_init() for versions up to and including 2.0.6. Impact per sources: unauthenticated attackers can modify plugin settings and misconfiguration may cause denial of service. Exploitation status is ...
WordPress Plugin Groups Plugin <= 2.0.6 is vulnerable to Broken Access Control
Software Plugin Groups Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1108 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8c882f834af1 Credits Francesco Carlucci Require...