2 matches found
CVE-2024-5997 Duplica <= 0.6 - Authenticated (Subscriber+) Missing Authorization to Users/Posts Duplicates Creation
The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicateuser and duplicatepost functions in all versions up to, and including, 0.6. This makes it possible for authenticate...
WordPress Duplica Plugin <= 0.6 is vulnerable to Broken Access Control
Software Duplica Type Plugin Vulnerable versions = 0.6 Fixed in 0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5997 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d89afd960c6 Credits Lucio Sá Required privilege Subscriber...