3 matches found
CVE-2024-9307
CVE-2024-9307 affects the mFolio Lite WordPress plugin. The vulnerability is due to a missing capability check in all versions up to 1.2.1, allowing authenticated attackers with Author-level access or higher to upload SVGs/EXEs and inject scripts that execute on page load or file access, with pot...
CVE-2024-9307 mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files
The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute...
WordPress mFolio Lite Plugin <= 1.2.1 is vulnerable to Broken Access Control
Software mFolio Lite Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9307 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID 19ba5b646cd3 Credits Francesco Carlucci Required...