The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-29T14:44:19.154Z
Updated: 2024-08-02T08:28:20.402Z
Reserved: 2023-11-24T10:41:17.024Z
Link: CVE-2023-6279
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-29T15:15:09.343
Modified: 2024-11-21T08:43:31.597
Link: CVE-2023-6279
Redhat
No data.