1 results (0.001 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments. El complemento Product Designer para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función product_designer_ajax_delete_attach_id() en todas las versiones hasta la 1.0.33 incluida. Esto hace posible que atacantes no autenticados eliminen archivos adjuntos arbitrarios. The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. • https://plugins.trac.wordpress.org/browser/product-designer/trunk/includes/designer-function.php#L412 https://www.wordfence.com/threat-intel/vulnerabilities/id/2f127fe5-67b8-40e1-a916-c607410b08b3?source=cve • CWE-862: Missing Authorization •