CVE: CVE-2023-5251

Descrizione: The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘grid_plus_save_layout_callback’ and ‘grid_plus_delete_callback’ functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout.

Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Riferimenti esterni

• https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974?source=cve
• https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L10
• https://plugins.trac.wordpress.org/browser/grid-plus/tags/1.3.2/core/ajax_be.php#L69

Prodotti interessati

• g5theme – Grid Plus – Unlimited grid layout

Relazioni con altri prodotti

Produttore:G5Theme
Prodotto: Grid Plus – Unlimited grid layout
Anno: 2023
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)