3 matches found
CVE-2024-7380 Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...
CVE-2024-7380 Geo Controller <= 8.7.3 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajaxgeolocatemenu and ajaxgeolocateremovemenu functions in all versions up to, and including, 8.7.3. This makes it possible for authenticated attackers, with...
WordPress Geo Controller Plugin <= 8.7.3 is vulnerable to Broken Access Control
Software Geo Controller Type Plugin Vulnerable versions = 8.7.3 Fixed in 8.7.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-7380 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c241dd8210b8 Credits Lucio Sá Required privilege...