3 matches found
WordPress Smart Slider 3 Plugin <= 3.5.1.22 is vulnerable to Broken Access Control
Software Smart Slider 3 Type Plugin Vulnerable versions = 3.5.1.22 Fixed in 3.5.1.23 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3027 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c46698c777af Credits Christiaan Swiers YouGina...
CVE-2024-3027 Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to uploa...
CVE-2024-3027
CVE-2024-3027 : The WordPress Smart Slider 3 plugin (all versions up to 3.5.1.22) contains a missing capability check in the upload function, allowing authenticated attackers with contributor-level access or higher to upload arbitrary files (including SVG). This can enable stored cross-site scrip...