Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
Vulnerability Description
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, 2) Get title of a password-protected post as well as 3) Upload an image from an URL
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
WordPress 插件访问控制错误漏洞
Vulnerability Description
WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 WordPress Plugin 存在访问控制错误漏洞,该漏洞源于 2.2.3 版本之前的 Visual Link Preview 插件不会对多个 AJAX 操作强制执行授权,并且会为所有经过身份验证的用户显示 CSRF nonce,允许任何经过身份验证的用户(例如订阅者)调用它们 1) 获取和搜索标题和
CVSS Information
N/A
Vulnerability Type
N/A