The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary posts.
References
Configurations
No configuration.
History
23 Apr 2024, 12:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-23 09:15
Updated : 2024-04-23 12:52
NVD link : CVE-2024-0900
Mitre link : CVE-2024-0900
CVE.ORG link : CVE-2024-0900
JSON object : View
Products Affected
No product.
CWE
No CWE.