Lucene search

K
wpvulndbWpvulndbWPVDB-ID:A1B2DBC8-CD30-46CE-A88F-8856DF2D9253
HistoryApr 30, 2024 - 12:00 a.m.

Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal

2024-04-3000:00:00
wpscan.com
1
wordpress
tychesoftwares
vulnerability
unauthorized access

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Description Multiple plugins for WordPress by tychesoftwares are vulnerable to unauthorized modification of data due to a missing capability check on the ts_admin_notices() function in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss tracking notices.

CPENameOperatorVersion
eq2.1.11
eq1.9.4
eq4.9.0

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Related for WPVDB-ID:A1B2DBC8-CD30-46CE-A88F-8856DF2D9253