3 matches found
CVE-2024-38690
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.3...
WordPress iPanorama 360 WordPress Virtual Tour Builder Plugin <= 1.8.3 is vulnerable to Broken Access Control
Software iPanorama 360 WordPress Virtual Tour Builder Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38690 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 070f425a0f60 Credits...
CVE-2023-5336
The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...