2 matches found
CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stmhbdelete function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to...
WordPress Pearl Plugin <= 1.3.7 is vulnerable to Broken Access Control
Software Pearl Type Plugin Vulnerable versions = 1.3.7 Fixed in 1.3.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5468 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 816d74377350 Credits Lucio Sá Required privilege...