Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2022-3082

Disclosure Date: October 17, 2022 (last updated October 08, 2023)
The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0