Source |
CVE Liste |
Identifiant |
4024850 |
Date de publication |
2022-01-24 08:15:08 (vue: 2022-01-24 12:06:27) |
Titre |
CVE-2021-24968 |
Texte |
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions |
Envoyé |
Oui |
Condensat |
2021 24968 actions add ajax any authenticated available before capability checks could create csrf cve does ewd faq have low not page plugin questions result role subscriber ufaq ultimate users welcome wordpress |
Tags |
|
Stories |
|
Notes |
|
Move |
|