CVE-2024-49252 – WordPress leyka plugin <= 3.31.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-49252
: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.6. :Vulnerabilidad de exposición de información sensible del sistema a una esfera de control no autorizada en Teplitsa of social technologies Leyka. Este problema afecta a Leyka: desde n/a hasta 3.31.6. The Leyka plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the leyka_ajax_get_campaigns_list() function in all versions up to, and including, 3.31.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve information about campaigns. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-31-6-broken-access-control-vulnerability?_s_id=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-862: Missing Authorization •
CVE-2024-35683 – WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35683
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1. Vulnerabilidad de autorización faltante en Teplitsa de tecnologías sociales Leyka. Este problema afecta a Leyka: desde n/a hasta 3.31.1. The Leyka plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sendCardCheck function in versions up to, and including, 3.31.1. This makes it possible for unauthenticated attackers to perform a card check. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-31-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-33327 – WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-33327
Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. La vulnerabilidad de gestión de privilegios inadecuada en Teplitsa de las tecnologías sociales de Leyka permite la escalada de privilegios. Este problema afecta a Leyka: desde n/a hasta 3.30.2. The Leyka plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 3.30.2. This allows donors users to gain administrator access by setting the passwords for an administrator account when initially setting their password. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-639: Authorization Bypass Through User-Controlled Key •