Description
The allows any authenticated user to join a private group due to a missing authorization check on a function.
References
https://wpscan.com/vulnerability/119d2d93-3b71-4ce9-b385-4e6f57b162cb/
CVE-2024-2231 : HIMER PLUGIN UP TO 2.1.0 ON WORDPRESS PRIVATE GROUP AUTHORIZATION
- Prasad G
- July 4, 2024
- 11:41 am
Contact us to get started
CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION
Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build
CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION
Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION
Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add