wpvulndb WPVDB-ID:FD80A901-0AE9-43EC-97E0-539FDDED9747
May 30, 2023 - 12:00 a.m.

Draw Attention < 2.0.12 - Subscriber+ Unauthorized Featured Image Modification

2023-05-30 00:00:00
wpscan.com
plugin
capability check
ajax
authenticated users
subscriber-level permissions
featured images
media library

EPSS: 0.001
Percentile: 45.1%

The plugin does not perform a capability check on the ajax_set_featured_image function, allowing authenticated users with subscriber-level permissions to modify featured images of arbitrary posts using images from the media library.
