3 matches found
CVE-2024-9195
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9195 WHMPress - WHMCS Client Area <= 4.3-revision-3- Authenticated (Subscriber+) Arbitrary Options Update
The WHMPress - WHMCS Client Area plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updatesettings case in the /admin/ajax.php file in all versions up to, and including, 4.3-revision-3. This makes ...
CVE-2024-9195
CVE-2024-9195 affects the WordPress plugin WHMPress — WHMCS Client Area (for WordPress) and is caused by a missing capability check on the update_settings operation in the file /admin/ajax.php . It allows authenticated attackers with Subscriber+ privileges to modify arbitrary options, potentially...