Lucene search
K

4 matches found

Circl
Circl
added 2024/07/19 1:42 p.m.7 views

CVE-2024-5977

creationtimestamp| type| source ---|---|--- 2024-07-19 13:42:10+00:00| seen| https://t.me/cvedetector/1212...

5.4CVSS4.8AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/19 11:1 a.m.12 views

CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS5.3AI score0.00428EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/19 11:1 a.m.38 views

CVE-2024-5977 GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. This makes it possible for authenticated...

5.4CVSS0.00428EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/07/19 12:0 a.m.12 views

WordPress GiveWP Plugin <= 3.13.0 is vulnerable to Insecure Direct Object References (IDOR)

Software GiveWP Type Plugin Vulnerable versions = 3.13.0 Fixed in 3.14.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-5977 Patch priority Low CVSS severity Low 5.4 Developer Liquid Web / StellarWP PSID 3e3c50f20b4c Credits Thanh Nam Tra...

5.4CVSS6.5AI score0.00428EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder