3 matches found
CVE-2024-3897
CVE-2024-3897 affects the WordPress plugin Popup Box – Best WordPress Popup Plugin (ays-popup-box) up to version 4.3.6. The vulnerability arises from a missing capability check on the ays_pb_create_author AJAX action, allowing unauthenticated attackers to enumerate all registered emails. MITRE/AT...
CVE-2024-3897 Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure
The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all...
WordPress Popup box Plugin <= 4.3.6 is vulnerable to Broken Access Control
Software Popup box Type Plugin Vulnerable versions = 4.3.6 Fixed in 4.3.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3897 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a8831019ec23 Credits Krzysztof Zając Required privilege...