1 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator The Themeflection Numbers plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the tf_numb_save_licenses function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with subscriber-level capabilities to update arbitrary site options, which can lead to privilege escalation. Version 2.0.0 introduced a partial patch which prevented privilege escalation but still potentially allowed data modification. • https://wpscan.com/vulnerability/c39473a7-47fc-4bce-99ad-28d03f41e74e • CWE-862: Missing Authorization •