4 matches found
CVE-2024-13716
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsettingscallback function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-13716
The CVE relates to the WordPress Forex Calculators plugin. Multiple sources confirm a missing capability check in the ajax_settings_callback() path, enabling authenticated attackers with Subscriber-level access and above to modify plugin settings. Affected versions are up to 1.3.5 (per CVE detail...
CVE-2024-13716 Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsettingscallback function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2024-13716 Forex Calculators <= 1.3.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsettingscallback function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and...