5 matches found
CVE-2023-6750
CVE-2023-6750 affects the Clone WordPress backup plugin prior to 2.4.3. Root cause: it stores in-progress backup information in buffer files at a publicly accessible, hard-coded path, enabling unauthenticated access. Impact (per available sources): exposure of backup data via unauthenticated acce...
CVE-2023-0958
CVE-2023-0958 affects WordPress plugins developed by Inisev that expose an inisev_installation AJAX action. The root cause is a missing capability check in the handle_installation function, enabling an authenticated attacker with minimal privileges (e.g., a subscriber) to install select Inisev pl...
CVE-2024-43298
CVE-2024-43298 pertains to the WordPress plugin “Clone” (WP Clone by WP Academy). Connected documents confirm a Missing Authorization / Broken Access Control vulnerability in Clone versions n/a through 2.4.5. The CVSS data from NVD indicates high impact (C, I, A high) with network attack vector a...
CVE-2024-43297
CVE-2024-43297: The Red Hat/WordPress vulnerability description indicates a Missing Authorization (Broken Access Control) flaw in the WordPress Clone plugin up to version 2.4.5, allowing unauthorized access due to misconfigured access control. The description does not specify an affected vendor/...
CVE-2023-3977
CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...