1 results (0.005 seconds)

CVSS: 5.3EPSS: %CPEs: 1EXPL: 0

The Featured Post Creative plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpfp_update_featured_post function called via a nopriv AJAX action in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to change what post is featured. • CWE-862: Missing Authorization •