10 matches found
CVE-2024-1906
CVE-2024-1906 – Categorify (WordPress) CSRF in categorifyAjaxAddCategory. Affects: Categorify – WordPress Media Library Category & File Manager plugin for WordPress (all versions up to 1.0.7.4). Root cause: Missing or incorrect nonce validation in categorifyAjaxAddCategory. Impact: Unauthenticated a...
CVE-2024-1912
The CVE-2024-1912 entry concerns the Categorify WordPress plugin (versions up to and including 1.0.7.4). The underlying issue is missing or incorrect nonce validation in the categorifyAjaxUpdateFolderPosition function, enabling CSRF: unauthenticated attackers could forge requests to alter categor...
CVE-2024-1907
CVE-2024-1907 relates to the WordPress Categorify plugin. The connected documents confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the categorifyAjaxDeleteCategory function, affecting all versions up to and including 1.0.7.4. This allows unauthenticated attackers to...
CVE-2024-1653
The CVE-2024-1653 vulnerability affects the Categorify WordPress plugin and hinges on a missing authorization check in categorifyAjaxUpdateFolderPosition. It affects all versions up to 1.0.7.4, enabling an authenticated attacker with subscriber-level access or higher to modify folder positions an...
CVE-2024-1910
The CVE concerns the WordPress Categorify plugin (Categorify – WordPress Media Library Category & File Manager). Affected versions: all up to and including 1.0.7.4. Root cause: missing or incorrect nonce validation in the categorifyAjaxClearCategory function, enabling Cross-Site Request Forgery. Effe...
CVE-2024-1650
CVE-2024-1650: WordPress Categorify plugin (up to 1.0.7.4) suffers from missing authorization in categorifyAjaxRenameCategory, enabling authenticated users with subscriber+ rights to rename categories. PatchStack notes vulnerability in versions
CVE-2024-1909
The Categorify WordPress plugin (Categories/Media Library) is affected by a CSRF vulnerability (CVE-2024-1909) due to missing nonce validation in the categorifyAjaxRenameCategory path. Affected versions are up to 1.0.7.4. The issue allows unauthenticated attackers to rename categories by triggeri...
CVE-2024-1649
CVE-2024-1649 affects the Categorify plugin for WordPress. The vulnerability arises from a missing capability check in categorifyAjaxDeleteCategory, affecting all versions up to and including 1.0.7.4. This allows authenticated users with subscriber-level access and above to delete categories. The...
CVE-2024-1652
CVE-2024-1652 affects the Categorify – WordPress Media Library Category & File Manager plugin (versions <= 1.0.7.4). The root cause is a missing capability/authorization check in categorifyAjaxClearCategory, allowing authenticated users with subscriber-level access and above to clear c...
CVE-2024-0385
CVE-2024-0385 affects the Categorify WordPress plugin (versions up to and including 1.0.7.4). The vulnerability arises from a missing capability/authorization check within the categorifyAjaxAddCategory function, enabling authenticated users with subscriber-level access and above to modify data (a...