3 matches found
CVE-2024-1516
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the checkforsaaspush function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrar...
CVE-2024-1516
CVE-2024-1516 : WP eCommerce for WordPress suffers unauthorized arbitrary post creation due to a missing capability check in check_for_saas_push() in all versions up to 3.15.1. The vulnerability is exploitable by unauthenticated actors to create posts with arbitrary content. Technical details spe...
WordPress WP eCommerce Plugin <= 3.15.1 is vulnerable to Broken Access Control
Software WP eCommerce Type Plugin Vulnerable versions = 3.15.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1516 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7c529550d022 Credits Krzysztof Zając Required privilege...