WordPress Plugin Vulnerabilities

Tilda Publishing < 0.3.24 - Subscriber+ Unauthorised Action

Description

The plugin is lacking authorisation in various AJAX actions, such as 'ajax_export_file' 'ajax_sync' 'ajax_get_keys' 'ajax_switcher_status', allowing any authenticated users, such as subscribers to perform a wide variety of actions like exporting data, modifying keys, and more.

Affects Plugins

Plugin icon
tilda-publishing
Fixed in 0.3.24

References

CVE
CVE-2023-31234
URL
https://patchstack.com/database/vulnerability/tilda-publishing/wordpress-tilda-publishing-plugin-0-3-20-broken-access-control-csrf-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (Medium)

Miscellaneous

Original Researcher
spacecroupier
Verified
No
WPVDB ID
441fac3b-f360-4633-b994-ac917f8fdce2

Timeline

Publicly Published
2023-09-04 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-04-08 (about 2 years ago)

Other

Published
Title
Published
2024-08-12
Title
Leopard - WordPress offload media <= 2.0.36 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Published
2025-04-25
Title
Aeropage Sync for Airtable < 3.3.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Published
2024-09-10
Title
Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion
Published
2022-11-28
Title
Directorist < 7.4.4 - Subscriber+ Sensitive Information Disclosure
Published
2025-01-03
Title
Poll Maker < 5.5.7 - Missing Authorization