4 matches found
CVE-2024-2543
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-2543
The CVE-2024-2543 entry concerns the Permalink Manager Lite WordPress plugin. A missing capability check in get_uri_editor affects all versions up to 2.4.3.1, enabling unauthenticated attackers to view permalinks for all posts. Remediation: upgrade to 2.4.3.2 or later (patched in that version).
WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Broken Access Control
Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 01746b8cad8b Credits Muhammad Zeeshan...