5 matches found
CVE-2024-37232
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5...
CVE-2024-37232 WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5...
CVE-2024-37232 WordPress Hercules Core plugin <= 6.5 - Subscriber+ Arbitrary Settings Change/Access vulnerability
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5...
CVE-2024-37232
CVE-2024-37232 is a Missing Authorization vulnerability in Hercules Core (affected: versions n/a through 6.5) that allows exploitation through misconfigured Access Control settings, enabling unauthorized updates to core settings. The issue originates from an authority check flaw that fails to pro...
WordPress Hercules Core Plugin <= 6.5 is vulnerable to Settings Change
Software Hercules Core Type Plugin Vulnerable versions = 6.5 Fixed in 6.7 OWASP Top 10 A1: Broken Access Control Classification Settings Change CVE CVE-2024-37232 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1152267cf25e Credits Dave Jong Patchstack Required privilege...