WordPress Plugin Vulnerabilities

Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Settings Update

Description

The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users yo update them

Affects Plugins

Plugin icon
awesome-filterable-portfolio
No known fix

References

CVE
CVE-2022-35238

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
881cc43d-69f4-4025-850e-c799c7d55c18

Timeline

Publicly Published
2022-09-15 (about 3 years ago)
Added
2022-09-25 (about 3 years ago)
Last Updated
2022-09-25 (about 3 years ago)

Other

Published
Title
Published
2025-06-05
Title
WordLift <= 3.54.5 - Missing Authorization
Published
2025-08-26
Title
Info Cards < 2.0.0 - Missing Authorization
Published
2023-12-01
Title
Social Pug < 1.30.1 - Missing Authorization via multiple admin_init actions
Published
2025-01-06
Title
Social Rocket – Social Sharing Plugin <= 1.3.4 - Missing Authorization to Settings Update
Published
2024-08-12
Title
Icegram < 3.1.25 - Missing Authorization