Lucene search
K

4 matches found

NVD
NVD
added 2024/05/24 7:15 a.m.23 views

CVE-2024-1376

The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/24 6:42 a.m.29 views

CVE-2024-1376 Event post <= 5.9.4 - Missing Authorization

The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References2
CVE
CVE
added 2024/05/24 6:42 a.m.58 views

CVE-2024-1376

CVE-2024-1376 affects the WordPress plugin Event post by WordPress.org, where a missing capability check in the save_bulkdatas function allowed authenticated users with subscriber-level access or higher to bulk-update post_meta_data in all versions up to and including 5.9.4. The Red Hat and Wordf...

4.3CVSS4.7AI score0.0028EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/05/24 12:0 a.m.11 views

WordPress Event post Plugin <= 5.9.4 is vulnerable to Broken Access Control

Software Event post Type Plugin Vulnerable versions = 5.9.4 Fixed in 5.9.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1376 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d039cca5619c Credits Francesco Carlucci Required privile...

4.3CVSS6.5AI score0.0028EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder