iPanorama 360 WordPress Virtual Tour Builder < 1.8.2 – Missing Authorization | CVE 2024-33941

Affects Plugins

ipanorama-360-virtual-tour-builder-lite

Fixed in 1.8.2

References

CVE

CVE-2024-33941

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/924145bb-d636-4184-8f3f-578c8b11e3a6

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Dhabaleshwar Das

Verified

No

WPVDB ID

28c264f9-ec35-4885-b299-adb9e835100a

Timeline

Publicly Published

2024-04-30 (about 2 years ago)

Added

2024-05-07 (about 2 years ago)

Last Updated

2024-05-07 (about 2 years ago)

Other

Published

Title

Published

2024-10-21

Title

Best Restaurant Menu by PriceListo < 1.4.3 - Missing Authorization

Published

2025-10-16

Title

Front End Users < 3.2.34 - Missing Authorization

Published

2026-04-03

Title

Kadence Blocks < 3.6.4 - Contributor+ Media Upload

Published

2025-02-17

Title

Scratch & Win – Giveaways and Contests < 2.9.0 - Missing Authorization to Unauthenticated Coupon Creation

Published

2024-07-15

Title

Brizy – Page Builder < 2.4.45 - Missing Authorization to Authenticated (Contributor+) Post Modification