4 matches found
CVE-2024-9215
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the actioneditedauthor due to missing...
CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the actioneditedauthor due to missing...
CVE-2024-9215 Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors <= 4.7.1 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary User Email Update and Account Takeover
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the actioneditedauthor due to missing...
WordPress PublishPress Authors Plugin <= 4.7.1 is vulnerable to Privilege Escalation
Software PublishPress Authors Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A4: Insecure Design Classification Privilege Escalation CVE CVE-2024-9215 Patch priority Medium CVSS severity Medium 7.2 Developer Claim ownership PSID dc9bff13d8f2 Credits wesley wcraft Required...