The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-29T14:44:19.154Z

Updated: 2024-08-02T08:28:20.402Z

Reserved: 2023-11-24T10:41:17.024Z

Link: CVE-2023-6279

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-29T15:15:09.343

Modified: 2024-11-21T08:43:31.597

Link: CVE-2023-6279

cve-icon Redhat

No data.