4 matches found
CVE-2024-2019 WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...
CVE-2024-2019 WP-DB-Table-Editor <= 1.8.4 - Missing Authorization to Authenticated(Contributor+) Database Access
The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbterender' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...
CVE-2024-2019
CVE-2024-2019 affects WP-DB-Table-Editor for WordPress. The Red Hat entry states the vulnerability arises from missing default capability checks on the dbte_render function in all versions up to 1.8.4, enabling authenticated attackers with contributor access and above to modify database tables co...
WordPress WP-DB-Table-Editor Plugin <= 1.8.4 is vulnerable to Broken Access Control
Software WP-DB-Table-Editor Type Plugin Vulnerable versions = 1.8.4 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2019 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d6649cd980cb Credits Francesco Carlucci Required...