3 matches found
CVE-2024-13449
creationtimestamp| type| source ---|---|--- 2025-01-25 08:29:54+00:00| seen| https://infosec.exchange/users/cve/statuses/113888054096536678 2025-01-25 09:04:51+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/3071 2025-01-25 12:09:15+00:00| seen| https://t.me/cvedetector/16385...
CVE-2024-13449 Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...
CVE-2024-13449 Boom Fest <= 2.2.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update
The Boom Fest plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bfadminaction' function in all versions up to, and including, 2.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to updat...