3 matches found
CVE-2024-3609
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...
CVE-2024-3609 ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...
WordPress ReviewX Plugin <= 1.6.27 is vulnerable to Broken Access Control
Software ReviewX Type Plugin Vulnerable versions = 1.6.27 Fixed in 1.6.28 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3609 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ba8ab4855491 Credits Lucio Sá Required privilege Subscrib...