5 matches found
CVE-2024-13655
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
CVE-2024-13655 Flex Mag - Responsive WordPress News Theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
CVE-2024-13655
CVE-2024-13655 affects the Flex Mag - Responsive WordPress News Theme for WordPress (versions up to 3.5.2). The root cause is a missing capability check in propanel_of_ajax_callback(), allowing authenticated attackers with Subscriber-level access and above to delete arbitrary option values, poten...
WordPress plugin Flex Mag 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Flex Mag theme <= 3.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Option Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Option Deletion vulnerability discovered by Lucio Sá in WordPress Theme Flex Mag versions = 3.5.2...