3 matches found
CVE-2024-5863 Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaximagecollage function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-5863
CVE-2024-5863 affects the Easy Image Collage WordPress plugin. The issue is a missing capability check in ajax_image_collage() across versions up to and including 1.13.5, allowing authenticated users with Contributor-level access and above to erase content in arbitrary posts (data loss). Wordfenc...
WordPress Easy Image Collage Plugin <= 1.13.5 is vulnerable to Broken Access Control
Software Easy Image Collage Type Plugin Vulnerable versions = 1.13.5 Fixed in 1.13.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5863 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 9f1bcb932e47 Credits Lucio Sá Required privile...