Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
Vulnerability Description
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
WordPress 访问控制错误漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 Realteo WordPress plugin 1.2.4之前版本存在访问控制错误漏洞,该漏洞源于没有确保请求删除的属性属于发出请求的用户,允许任何认证用户通过篡改属性id参数来删除任意属性。
CVSS Information
N/A
Vulnerability Type
N/A