WordPress Plugin Vulnerabilities

Crowdsignal Dashboard < 3.0.10 - Contributor+ Rating Settings Update

Description

The plugin does not have proper authorisation, which could allow users with a role as low as contributor to update the rating settings

Affects Plugins

Plugin icon
polldaddy
Fixed in 3.0.10

References

CVE
CVE-2022-45069
URL
https://hackerone.com/reports/1725143

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
apapedulimu
Verified
Yes
WPVDB ID
b063a540-6a49-4584-be97-319465993dbd

Timeline

Publicly Published
2022-11-17 (about 3 years ago)
Added
2022-11-18 (about 3 years ago)
Last Updated
2022-11-18 (about 3 years ago)

Other

Published
Title
Published
2022-05-09
Title
Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update
Published
2026-01-09
Title
Blog2Social: Social Media Auto Post & Scheduler < 8.7.3 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
Published
2023-11-28
Title
WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints
Published
2021-09-28
Title
AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation
Published
2026-03-20
Title
UiPress lite <= 3.5.09 - Subscriber+ Plugin Settings Update