The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/626bbc7d-0d0f-4418-ac61-666278a1cbdb/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-29T14:44:19.154Z
Updated: 2024-01-29T14:44:19.154Z
Reserved: 2023-11-24T10:41:17.024Z
Link: CVE-2023-6279
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-29T15:15:09.343
Modified: 2024-02-03T01:22:07.893
Link: CVE-2023-6279
JSON object: View
Redhat Information
No data.
CWE