4 matches found
CVE-2024-5977
creationtimestamp| type| source ---|---|--- 2024-07-19 13:42:10+00:00| seen| https://t.me/cvedetector/1212...
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...
WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Insecure Direct Object References (IDOR)
Software GiveWP Type Plugin Vulnerable versions = 3.13.0 Fixed in 3.14.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5977 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 3e3c50f20b4c Credits Thanh Nam Tra...