5 matches found
WordPress April Framework plugin <= 5.1 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin April Framework versions = 5.1...
WordPress Benaa Framework plugin <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions = 4.0.0...
WordPress Beyot Framework plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin Beyot Framework versions = 6.0.6...
CVE-2024-13420
creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14432 2025-05-02 07:34:42+00:00| seen| https://t.me/cvedetector/24317 2025-05-02 08:00:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7ptwoy2e...
CVE-2024-13420 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates
Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsfresetsectionoptions', 'gsfresetsectionoptions', 'gsfcreatepresetoptions' and more in various versions. This makes it possible for authenticated...