2 matches found
CVE-2024-6688
The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxysavecssfromadmin AJAX action in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Oxygen Builder Plugin <= 4.8.3 is vulnerable to Broken Access Control
Software Oxygen Builder Type Plugin Vulnerable versions = 4.8.3 Fixed in 4.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6688 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 05a98a111db4 Credits Francesco Carlucci Required...