3 matches found
CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization
The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...
CVE-2024-3602
CVE-2024-3602 – Promolayer popup builder for WordPress is vulnerable to an unauthorized plugin settings update due to a missing capability check in the disconnect_promolayer function in versions up to 1.1.0. This allows authenticated attackers with subscriber access or higher to remove the Promol...
WordPress Promolayer Plugin <= 1.1.0 is vulnerable to Broken Access Control
Software Promolayer Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3602 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db7856cf6e2a Credits Lucio Sá Required privilege Subscribe...