CVE-2024-3602

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...

CVE-2024-3602

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnectpromolayer function in all versions up to, and including, 1.1.0. This...

WordPress plugin Promolayer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-26848 · WordPress · Promolayer

Name of the Vulnerable Software and Affected Versions: Promolayer plugin for WordPress versions up to, and including, 1.1.0 Description: The Promolayer plugin for WordPress is affected by an issue that allows unauthorized updates to plugin settings. This is due to a missing capability check on th...

WordPress Promolayer plugin <= 1.1.0 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Lucio Sá in WordPress Plugin Promolayer versions = 1.1.0...

WordPress Promolayer Plugin <= 1.1.0 is vulnerable to Broken Access Control

Software Promolayer Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3602 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID db7856cf6e2a Credits Lucio Sá Required privilege Subscribe...