CVE-2023-6751 Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode...

WordPress Hostinger Plugin <= 1.9.7 is vulnerable to Broken Access Control

Software Hostinger Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6751 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 4fa08c339ad7 Credits Lucio Sá Required privilege...

PT-2023-8309 · Hostinger · Hostinger Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Hostinger plugin for WordPress versions up to, and including, 1.9.7 Description: The issue is related to the public website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a...