CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

CVE-2023-0328

The CVE-2023-0328 entry concerns the WPCode WordPress plugin before version 2.0.7, where insufficient privilege checks exist for several AJAX actions that only validate a nonce. This can allow any authenticated user with post-editing rights to invoke WPCode Library authentication endpoints, poten...

PT-2023-16182 · WordPress · Wp Coder

Name of the Vulnerable Software and Affected Versions: WPCode WordPress plugin versions prior to 2.0.7 Description: The issue arises from inadequate privilege checks for several AJAX actions in the WPCode WordPress plugin, where only the nonce is checked. This may allow any authenticated user who...

WordPress plugin WPCode 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress WPCode Plugin < 2.0.7 is vulnerable to Broken Access Control

Software WPCode Type Plugin Vulnerable versions 2.0.7 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0328 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ec0db54dded4 Credits Sanjay Das Required privilege Contributor...