3 matches found
CVE-2024-6000
The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'displayticketthemespage' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...
CVE-2024-6000 FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload
The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'displayticketthemespage' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...
WordPress FooEvents for WooCommerce Plugin <= 1.19.20 is vulnerable to Arbitrary File Upload
Software FooEvents for WooCommerce Type Plugin Vulnerable versions = 1.19.20 Fixed in 1.19.21 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6000 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 712d717f0e84 Credits István Márton Required...