9 matches found
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
WordPress Draw Attention Plugin <= 2.0.15 is vulnerable to Broken Access Control
Software Draw Attention Type Plugin Vulnerable versions = 2.0.15 Fixed in 2.0.16 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46616 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 13d4f142d807 Credits thiennv Required privilege...
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
CVE-2023-2764
The Draw Attention plugin for WordPress (CVE-2023-2764) is affected (versions up to 2.0.11). A missing capability check in ajax_set_featured_image enables authenticated users with subscriber-level permissions and above to alter the featured image of arbitrary posts using images from the media lib...
CVE-2023-2764
The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsetfeaturedimage function in versions up to, and including, 2.0.11. This makes it possible for authenticated attackers, with subscriber-level permissions and...
WordPress Plugin Draw Attention 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-21275 · WordPress · Draw Attention
Name of the Vulnerable Software and Affected Versions: Draw Attention plugin for WordPress versions up to, and including, 2.0.11 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by changing the featured image of arbitrary posts using...
WordPress Draw Attention Plugin <= 2.0.11 is vulnerable to Broken Access Control
Software Draw Attention Type Plugin Vulnerable versions = 2.0.11 Fixed in 2.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2764 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 38c9e02b7556 Credits Alex Thomas Required...