Lucene search
+L

5 matches found

NVD
NVD
added 2024/06/08 5:15 a.m.27 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.3CVSS0.00347EPSS
Exploits0References4
OSV
OSV
added 2024/06/08 5:15 a.m.7 views

CVE-2024-5770

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.3CVSS5.8AI score0.00347EPSS
Exploits0References4
CVE
CVE
added 2024/06/08 4:32 a.m.55 views

CVE-2024-5770

CVE-2024-5770 concerns the WP Force SSL & HTTPS SSL Redirect WordPress plugin. According to the connected Red Hat advisory, versions up to and including 1.66 are affected by a missing capability check in the ajax_save_setting function, enabling authenticated users with subscriber-level permission...

4.3CVSS4.4AI score0.00347EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/08 4:32 a.m.14 views

CVE-2024-5770 WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update

The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-level permission...

4.2CVSS6.5AI score0.00347EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/07 12:0 a.m.13 views

WordPress WP Force SSL & HTTPS SSL Redirect Plugin <= 1.66 is vulnerable to Broken Access Control

Software WP Force SSL & HTTPS SSL Redirect Type Plugin Vulnerable versions = 1.66 Fixed in 1.67 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5770 Patch priority Low CVSS severity Low 4.2 Developer WebFactory Ltd. PSID 7f10441c7ef7 Credits Foxyyy Require...

4.3CVSS6.5AI score0.00347EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder