4 matches found
CVE-2024-3893 Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtclfbgalleryimagedelete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticate...
CVE-2024-3893
CVE-2024-3893 affects the Classified Listing – Classified ads & Business Directory Plugin for WordPress. A missing capability check in the rtcl_fb_gallery_image_delete AJAX action allows authenticated users with subscriber-level access and above to delete arbitrary attachments on all versions up ...
CVE-2024-3893 Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtclfbgalleryimagedelete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticate...
WordPress Classified Listing Plugin <= 3.0.10.3 is vulnerable to Broken Access Control
Software Classified Listing Type Plugin Vulnerable versions = 3.0.10.3 Fixed in 3.0.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3893 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 79fa3de2925e Credits Lucio Sá Required...