1 results (0.001 seconds)
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5863 – Easy Image Collage <= 1.13.5 - Missing Authorization to Authenticated (Contributor+) Data Clearance
https://notcve.org/view.php?id=CVE-2024-5863
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to erase all of the content in arbitrary posts. • https://www.wordfence.com/threat-intel/vulnerabilities/id/ceeefc3f-1cb7-48df-9978-258f015d93c7?source=cve https://plugins.trac.wordpress.org/changeset/3106714/easy-image-collage/tags/1.13.6/helpers/ajax.php • CWE-862: Missing Authorization •