Arconix FAQ < 1.9.5 – Missing Authorization | CVE 2024-38783

Affects Plugins

arconix-faq

Fixed in 1.9.5

References

CVE

CVE-2024-38783

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4f76181a-8fb4-4f0e-b84c-0dabc482261d

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Dhabaleshwar Das

Verified

No

WPVDB ID

29778c1d-966c-4828-9427-b7cffdbe03b1

Timeline

Publicly Published

2024-07-19 (about 1 year ago)

Added

2024-07-25 (about 1 year ago)

Last Updated

2024-07-25 (about 1 year ago)

Other

Published

Title

Published

2024-04-15

Title

Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending

Published

2024-04-05

Title

WP-Stateless – Google Cloud Storage < 3.4.1 - Missing Authorization to Limited Arbitrary Options Update

Published

2026-02-09

Title

Construction Landing Page < 1.4.2 - Missing Authorization

Published

2025-09-22

Title

Ongkoskirim.id <= 1.0.6 - Missing Authorization

Published

2026-01-07

Title

Tutor LMS < 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details