2 matches found
CVE-2024-3607
The CVE-2024-3607 entry concerns the PropertyHive WordPress plugin. The vulnerability arises from a missing capability check in the delete_key_date() function across all versions up to 2.0.12, allowing authenticated attackers with subscriber-level access and above to delete arbitrary posts. The r...
WordPress PropertyHive Plugin <= 2.0.12 is vulnerable to Broken Access Control
Software PropertyHive Type Plugin Vulnerable versions = 2.0.12 Fixed in 2.0.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3607 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 20b9880edd45 Credits Lucio Sá Required privilege...