3 matches found
CVE-2024-13800
creationtimestamp| type| source ---|---|--- 2025-02-12 05:00:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113989151204757259 2025-02-12 05:16:02+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6tnayf2i 2025-02-12 06:48:42+00:00| seen|...
CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...
CVE-2024-13800
The CVE-2024-13800 entry concerns the WordPress ConvertPlus plugin. A missing capability check on the cp_dismiss_notice AJAX endpoint allows authenticated users with Subscriber-level access and above to perform unauthorized modifications of data, enabling updates to option values (to '1') that ca...