CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35683 – WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-35683
Missing Authorization vulnerability in Teplitsa of social technologies Leyka.This issue affects Leyka: from n/a through 3.31.1. Vulnerabilidad de autorización faltante en Teplitsa de tecnologías sociales Leyka. Este problema afecta a Leyka: desde n/a hasta 3.31.1. The Leyka plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sendCardCheck function in versions up to, and including, 3.31.1. This makes it possible for unauthenticated attackers to perform a card check. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-31-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33327 – WordPress Leyka plugin <= 3.30.2 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2023-33327
Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. La vulnerabilidad de gestión de privilegios inadecuada en Teplitsa de las tecnologías sociales de Leyka permite la escalada de privilegios. Este problema afecta a Leyka: desde n/a hasta 3.30.2. The Leyka plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 3.30.2. This allows donors users to gain administrator access by setting the passwords for an administrator account when initially setting their password. • https://patchstack.com/database/vulnerability/leyka/wordpress-leyka-plugin-3-29-2-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management CWE-639: Authorization Bypass Through User-Controlled Key •