CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

EUVD-2023-44583

Malicious code in bioql PyPI...

Design/Logic Flaw

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVE-2023-4374 WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVE-2023-4374

CVE-2023-4374 – WP Remote Users Sync (WordPress) vulnerability affecting versions up to 1.2.11 due to a missing capability check in the refresh_logs_async function. This permits authenticated users with subscriber privileges or higher to view logs and potentially add data. Impact is information d...

CVE-2023-3958 WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notifypingremote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locatio...

CVE-2023-3958

CVE-2023-3958 affects the WP Remote Users Sync WordPress plugin. The vulnerability is a Server-Side Request Forgery (SSRF) via the notify_ping_remote AJAX function in versions up to and including 1.2.12. An authenticated attacker with subscriber-level permissions (or higher) can cause the web app...

WordPress WP Remote Users Sync Plugin <= 1.2.12 is vulnerable to Server Side Request Forgery (SSRF)

Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.12 Fixed in 1.2.13 OWASP Top 10 A1: Broken Access Control Classification Server Side Request Forgery SSRF CVE CVE-2023-3958 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 57ad18456846 Credits Lana Codes...

WordPress Plugin Remote Users Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Plugin Remote Users Sync 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress WP Remote Users Sync Plugin <= 1.2.11 is vulnerable to Broken Access Control

Software WP Remote Users Sync Type Plugin Vulnerable versions = 1.2.11 Fixed in 1.2.12 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-4374 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 367f50681d32 Credits Lana Codes Required...

PT-2023-28959 · WordPress · Wp Remote Users Sync

Name of the Vulnerable Software and Affected Versions: WP Remote Users Sync plugin for WordPress versions up to, and including, 1.2.11 Description: The issue allows unauthorized access and addition of data due to a missing capability check on the refresh logs async function. This makes it possibl...