Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:0DC5F6FA-AB89-4C16-87CB-0BF9F548D3EF
HistoryNov 23, 2023 - 12:00 a.m.

Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update

2023-11-2300:00:00
wpscan.com
22
wordpress
vulnerability
insecure direct object reference
pre-publish checklist

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppc_meta_box_ajax_add_handler and ppc_meta_box_ajax_delete_handler functions due to missing validation on a user controlled key. This can allow authenticated attackers with contributor-level access and above to modify and delete the ‘_ppc_meta_key’ post meta value for arbitrary posts.

CPENameOperatorVersion
eq1.1.2

Related

cvelist 1
vulnrichment 1
cve 1
nvd 1
cvelist
cvelist
CVE-2023-44151 WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability
2024-06-19 11:49:25
vulnrichment
vulnrichment
CVE-2023-44151 WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability
2024-06-19 11:49:25
cve
cve
CVE-2023-44151
2024-06-19 12:15:10
nvd
nvd
CVE-2023-44151
2024-06-19 12:15:10

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for WPVDB-ID:0DC5F6FA-AB89-4C16-87CB-0BF9F548D3EF
cvelist1vulnrichment1cve1nvd1