5 matches found
CVE-2024-2222
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...
CVE-2024-2222
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...
CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion
The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber...
CVE-2024-2222
CVE-2024-2222 (Advanced Classifieds & Directory Pro for WordPress) : Vulnerability due to a missing capability check in ajax_callback_delete_attachment across all versions up to 3.0.0. This allows authenticated users with subscriber+ access to delete arbitrary media uploads, i.e., unauthorized da...
WordPress Advanced Classifieds & Directory Pro Plugin <= 3.0.0 is vulnerable to Broken Access Control
Software Advanced Classifieds & Directory Pro Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2222 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0df0ba101fff Credits Lucio Sá...