Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:EF73AF70-F709-4CEA-821C-A1EF245A9CA7
HistoryNov 23, 2023 - 12:00 a.m.

Delete Duplicate Posts < 4.9 - Missing Authorization via AJAX Actions

2023-11-2300:00:00
wpscan.com
3
wordpress
vulnerability
unauthorized deletion
ajax actions
data gathering

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON

Description The Delete Duplicate Posts plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on some of its AJAX actions in all versions up to 4.9 (exclusive). This makes it possible for authenticated attackers, with subscriber access or higher, to delete duplicate posts, access plugin logs, and opt in to Freemius data gathering.

CPENameOperatorVersion
eq4.9

Related

nvd 1
prion 1
cvelist 1
cve 1
wordfence 1
nvd
nvd
CVE-2023-47754
2023-12-19 00:15:07
prion
prion
Authorization
2023-12-19 00:15:00
cvelist
cvelist
CVE-2023-47754 WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control
2023-12-18 23:49:12
cve
cve
CVE-2023-47754
2023-12-19 00:15:07
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (November 13, 2023 to November 19, 2023)
2023-11-23 20:29:59

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.1%

JSON
Related for WPVDB-ID:EF73AF70-F709-4CEA-821C-A1EF245A9CA7
nvd1prion1cvelist1cve1wordfence1