The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-10T12:40:40.136Z
Updated: 2024-08-02T05:57:24.078Z
Reserved: 2023-03-23T09:59:01.878Z
Link: CVE-2023-1597
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-10T16:15:48.890
Modified: 2023-11-07T04:04:15.997
Link: CVE-2023-1597
Redhat
No data.