10 matches found

RedhatCVE
added 2025/05/23 12:24 a.m. · 5 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3 CVSS · 6.5 AI score · 0.00032 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/06/07 2:15 a.m. · 1 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits 1 · References 3

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3 CVSS · 5.8 AI score · 0.00032 EPSS
Exploits 1 · References 2

NVD
added 2023/06/07 2:15 a.m. · 15 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3 CVSS · 4.3 AI score · 0.00032 EPSS
Exploits 1 · References 2

Prion
added 2023/06/07 2:15 a.m. · 14 views

Authorization

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4 CVSS · 4.5 AI score · 0.00032 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/06/07 1:51 a.m. · 9 views

CVE-2022-4948

The FlyingPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 3.9.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to interact with the plugin in...

4.3 CVSS · 6.5 AI score · 0.00032 EPSS
Exploits 1 · References 2

CVE
added 2023/06/07 1:51 a.m. · 44 views

CVE-2022-4948

CVE-2022-4948 concerns the WordPress FlyingPress plugin, where versions up to and including 3.9.6 are vulnerable to an authorization bypass caused by a missing capability check on AJAX actions. The effect is that authenticated users with subscriber-level permissions and above can interact with th...

4.3 CVSS · 4.3 AI score · 0.00032 EPSS
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2023/06/07 12:0 a.m. · 1 views

WordPress Plugin FlyingPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

4.3 CVSS · 5.1 AI score · 0.00032 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/06/07 12:0 a.m. · 2 views

PT-2023-15934 · WordPress · The Flyingpress

Name of the Vulnerable Software and Affected Versions: The FlyingPress plugin for WordPress versions up to, and including, 3.9.6

Description: The issue allows authenticated attackers with subscriber-level permissions and above to bypass authorization and interact with the plugin in unintended way...

4.3 CVSS · 4.4 AI score · 0.00032 EPSS
Exploits 1 · References 4

WPVulnDB
added 2022/11/28 12:0 a.m. · 9 views

FlyingPress < 3.9.7 - Arbitrary Settings Update to Stored XSS

The plugin does not have authorisation in various AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One of those actions could allow them to rewrite static file URLs (JS, CSS, etc.) to a malicious CDN under their control, which could lead to XSS...

3.5 AI score
Exploits 0 · References 1 · Affected Software 1