5 matches found
CVE-2024-1370
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...
CVE-2024-1370
CVE-2024-1370 affects the WordPress Maintenance Page plugin. A missing capability check in the subscribe_download AJAX handler in all versions up to 1.0.8 allows authenticated users with subscriber access or higher to download a CSV with subscriber emails. Affected versions: ≤1.0.8; impact is inf...
CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...
CVE-2024-1370 Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access...
WordPress Maintenance Page Plugin <= 1.0.8 is vulnerable to Broken Access Control
Software Maintenance Page Type Plugin Vulnerable versions = 1.0.8 Fixed in 1.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1370 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d5a894ccce46 Credits Francesco Carlucci Required...