Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions
Vulnerability Description
The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site.
CVSS Information
N/A
Vulnerability Type
未经验证的属主
Vulnerability Title
WordPress 访问控制错误漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress theme Workreap 存在访问控制错误漏洞,该漏洞源于有几个 AJAX 操作缺少授权检查,以验证用户是否有权执行修改或删除对象等关键操作。 这允许登录用户修改或删除属于站点上其他用户的对象。
CVSS Information
N/A
Vulnerability Type
N/A