← Back

Cloud Library

cloud_library

Vendor: Tagdiv • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-1597
1Tagdiv
1Cloud Library
Nov 21, 2024
Jul 10, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary u...Show more
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.Show less