3 matches found
CVE-2024-12855 AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2024-12855 AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...
CVE-2024-12855
CVE-2024-12855: AdForest WordPress theme (AdForest) is vulnerable due to a missing capability check on multiple AJAX actions (e.g., sb_remove_ad) across versions up to 5.1.7, allowing authenticated users with Subscriber-level access and above to delete posts/attachments and deactivate a license. ...