Lucene search
K

4 matches found

NVD
NVD
added 2024/07/09 9:15 a.m.27 views

CVE-2024-3608

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the productdesignerajaxdeleteattachid function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary...

5.3CVSS0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/09 8:33 a.m.23 views

CVE-2024-3608 Product Designer <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the productdesignerajaxdeleteattachid function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary...

5.3CVSS0.00562EPSS
Exploits0References2
CVE
CVE
added 2024/07/09 8:33 a.m.53 views

CVE-2024-3608

CVE-2024-3608 affects the Product Designer plugin for WordPress. It enables unauthenticated attackers to delete arbitrary attachments due to a missing capability check in product_designer_ajax_delete_attach_id() in versions up to 1.0.33. The vulnerability status and exact impacted versions are do...

5.3CVSS6AI score0.00562EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.9 views

WordPress Product Designer Plugin <= 1.0.33 is vulnerable to Broken Access Control

Software Product Designer Type Plugin Vulnerable versions = 1.0.33 Fixed in 1.0.34 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3608 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 7913547b43c1 Credits Lucio Sá Required privilege...

5.3CVSS5.2AI score0.00562EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder