2 matches found
CVE-2024-13412
creationtimestamp| type| source ---|---|--- 2025-03-19 07:49:35+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8031 2025-03-19 08:42:07+00:00| seen| https://bsky.app/profile/potato.software/post/3lkprzjya2g2r 2025-03-19 10:28:11+00:00| seen| https://t.me/cvedetector/20628 2025-03-19...
CVE-2024-13412 CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler
The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions...