Source |
CVE Liste |
Identifiant |
8406889 |
Date de publication |
2023-11-06 21:15:09 (vue: 2023-11-06 23:10:24) |
Titre |
CVE-2023-5454 |
Texte |
Le plugin WordPress mamplicité avant 2.2.6 n'autorise pas correctement l'appel de l'API Saved-Templates / Delete ', permettant aux utilisateurs non authentifiés de supprimer les publications arbitraires.
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. |
Envoyé |
Oui |
Condensat |
2023 5454 `saved allowing api arbitrary authorize before call cve delete does not plugin posts properly rest templately templates/delete` unauthenticated users wordpress |
Tags |
|
Stories |
|
Notes |
|
Move |
|