3 matches found
CVE-2024-13801
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'bafsetnoticestatus' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated...
CVE-2024-13801 BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'bafsetnoticestatus' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated...
CVE-2024-13801
CVE-2024-13801 affects BWL Advanced FAQ Manager for WordPress. The vulnerability arises from a missing capability check on the baf_set_notice_status AJAX action, allowing authenticated users with Subscriber level or higher to modify options to value '1'. This can cause a denial of service by trig...