3 matches found
CVE-2024-5641
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cedocorsavegeneralsetting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-5641 One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cedocorsavegeneralsetting' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress One Click Order Re-Order Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software One Click Order Re-Order Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5641 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a046b0fddb6b Credits Lucio Sá...