5 matches found
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdpaddnewdatepickerajax function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-3895
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in wpdp_add_new_datepicker_ajax() across all versions up to 2.1.0. Authenticated attackers with subscriber-level access and above can update arbitrary options that may lead ...
WordPress WP Datepicker Plugin <= 2.1.0 is vulnerable to Privilege Escalation
Software WP Datepicker Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.1.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-3895 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9dd2e88f0ed7 Credits Lucio Sá...
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On April 14th, 2024, during our Bug Extravaganza, we received a...