CVE-2024-3277

MEDIUM Year: 2024
CVSS v3 Score
5.0
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key.

Related Vulnerabilities

CVE-2016-5553

MEDIUM
CVSS:5.0(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2017-10221

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulner...

NVD-CWE-Other2017

CVE-2017-10275

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable...

NVD-CWE-Other2017

CVE-2017-10428

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows ...

NVD-CWE-Other2017

CVE-2017-2516

MEDIUM
CVSS:5.0(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a cr...

NVD-CWE-Other2017

CVE-2017-3475

MEDIUM
CVSS:5.0(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 a...

NVD-CWE-Other2017