WordPress Plugin Vulnerabilities

Easy Captcha <= 1.0 - Missing Authorization

Description

The plugin does not have authorisation in various AJAX actions, which could allow unauthenticated users to call them and perform unauthorised actions

Affects Plugins

Plugin icon
easy-captcha
No known fix

References

CVE
CVE-2023-33324

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
c94cc737-100c-486d-a149-487e4ed0a3a4

Timeline

Publicly Published
2023-07-18 (about 9 months ago)
Added
2023-07-20 (about 9 months ago)
Last Updated
2023-07-20 (about 9 months ago)

Other

Published
Title
Published
2024-03-28
Title
Responsive < 5.0.3 - Missing Authorization to HMTL Injection
Published
2024-03-29
Title
Spiffy Calendar < 4.9.11 - Missing Authorization
Published
2023-01-10
Title
Royal Elementor Addons < 1.3.60 - Subscriber+ Mega Menu Settings Update
Published
2023-09-05
Title
WP Directory Kit < 1.2.7 - Missing Authorization
Published
2024-02-02
Title
Happy Addons for Elementor < 3.10.2 - Missing Authorization via add_row_actions