Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2023-0551

Disclosure Date: August 16, 2023 (last updated October 08, 2023)
The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0