WordPress Plugin Vulnerabilities

Flipbox < 2.6.1 - Authenticated Arbitrary Options Update

Description

The plugin does not have proper authorisation, allowing high privilege users (such as editor) to update arbitrary Blog options even though they should not be able to

Affects Plugins

Plugin icon
image-hover-effects-ultimate-visual-composer
Fixed in 2.6.1

References

CVE
CVE-2022-33969

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
7.2 (high)

Miscellaneous

Original Researcher
m0ze
Verified
No
WPVDB ID
1d858380-81c7-4112-accb-a7a57caa0c95

Timeline

Publicly Published
2022-07-25 (about 3 years ago)
Added
2022-07-25 (about 3 years ago)
Last Updated
2022-08-25 (about 3 years ago)

Other

Published
Title
Published
2025-06-16
Title
Poll, Survey & Quiz Maker Plugin by Opinion Stage < 19.10.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update
Published
2024-02-03
Title
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Published
2023-05-12
Title
WPCS – WordPress Currency Switcher Professional < 1.2.0 - Subscriber+ Missing Authorization Checks
Published
2023-12-14
Title
Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure
Published
2024-06-05
Title
Bookster < 1.2.0 - Unauthenticated Appointment Status Update