5 matches found
CVE-2024-13655
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
CVE-2024-13655
CVE-2024-13655 affects the Flex Mag - Responsive WordPress News Theme for WordPress (versions up to 3.5.2). The root cause is a missing capability check in propanel_of_ajax_callback(), allowing authenticated attackers with Subscriber-level access and above to delete arbitrary option values, poten...
CVE-2024-13655 Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
WordPress plugin Flex Mag 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Flex Mag theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Option Deletion vulnerability discovered by Lucio Sá in WordPress Theme Flex Mag versions = 3.5.2...