2 matches found
WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to Broken Access Control
Software ConvertPlus Type Plugin Vulnerable versions = 3.5.25 Fixed in 3.5.26 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3237 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5a31149e9135 Credits M.Awad Required privilege...
CVE-2024-3237
CVE-2024-3237 affects ConvertPlug/ConvertPlus for WordPress: all versions up to 3.5.25 lack a capability check in cp_dismiss_notice(), enabling authenticated users with subscriber-level access and higher to modify arbitrary options to true. Red Hat and Wordfence references confirm the vulnerabili...