3 matches found
CVE-2024-9587
creationtimestamp| type| source ---|---|--- 2024-10-11 16:10:30+00:00| seen| https://t.me/cvedetector/7660...
CVE-2024-9587 Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX
The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxlinkz' function in versions up to, and including, 1.1.8. This makes it possible for authenticated attackers with contributor-level privileges or above, to update plug...
WordPress Linkz.ai Plugin <= 1.1.8 is vulnerable to Broken Access Control
Software Linkz.ai Type Plugin Vulnerable versions = 1.1.8 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9587 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 00b01a60baf6 Credits István Márton Required privilege...