3 matches found
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178
CVE-2024-1178 affects the WordPress plugin SportsPress – Sports Club & League Manager . The issue is a missing capability check in the settings_save() function, enabling unauthenticated modification of data (permalink structure) in all versions up to and including 2.7.17. The CVSS base score is 5...
WordPress SportsPress – Sports Club & League Manager Plugin <= 2.7.17 is vulnerable to Broken Access Control
Software SportsPress – Sports Club & League Manager Type Plugin Vulnerable versions = 2.7.17 Fixed in 2.7.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1178 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f2c7c572664c Credits...