2 matches found
CVE-2024-4873 Replace Image <= 1.1.10 - Insecure Direct Object Reference
The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...
WordPress Replace Image Plugin <= 1.1.10 is vulnerable to Broken Access Control
Software Replace Image Type Plugin Vulnerable versions = 1.1.10 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-4873 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 262021d9f7c1 Credits Jin Hao Chan Required privilege...