4 matches found
CVE-2024-1376
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...
CVE-2024-1376 Event post <= 5.9.4 - Missing Authorization
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the savebulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, with subscriber access or higher, to update...
CVE-2024-1376
CVE-2024-1376 affects the WordPress plugin Event post by WordPress.org, where a missing capability check in the save_bulkdatas function allowed authenticated users with subscriber-level access or higher to bulk-update post_meta_data in all versions up to and including 5.9.4. The Red Hat and Wordf...
WordPress Event post Plugin <= 5.9.4 is vulnerable to Broken Access Control
Software Event post Type Plugin Vulnerable versions = 5.9.4 Fixed in 5.9.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1376 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d039cca5619c Credits Francesco Carlucci Required privile...