CVE-2024-0366

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-639
View all →

Vulnerability Description

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.

Related Vulnerabilities

CVE-2017-0920

MEDIUM
CVSS:4.3(Medium)

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an...

CWE-6392017

CVE-2017-15195

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.

CWE-6392017

CVE-2017-15196

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.

CWE-6392017

CVE-2017-15197

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.

CWE-6392017

CVE-2017-15199

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.

CWE-6392017

CVE-2017-15200

MEDIUM
CVSS:4.3(Medium)

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.

CWE-6392017