3 matches found
CVE-2023-7292
The CVE-2023-7292 entry concerns the WordPress Paytium: Mollie payment forms & donations plugin. Affected component: paytium_notice_dismiss function; root cause: missing capability check, allowing unauthorized dismissal of admin notices. Impact: authenticated users with subscriber-level access ca...
Advanced Local Pickup for WooCommerce < 1.6.2 - Missing Authorization to Notice Dismissal
Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminnoticesforalppro function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to...
SAML SP Single Sign On < 5.0.5 - Missing Authorization to notice dismissal
Description The SAML SP Single Sign On plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the closewelcomemodal function in versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with subscriber-level access...