3 matches found
CVE-2024-5677
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the figsaveaftergenerateimage function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...
CVE-2024-5677 Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload
The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the figsaveaftergenerateimage function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access an...
WordPress Featured Image Generator Plugin <= 1.3.1 is vulnerable to Broken Access Control
Software Featured Image Generator Type Plugin Vulnerable versions = 1.3.1 Fixed in 1.3.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5677 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41e2183b7298 Credits Lucio Sá Required...