Security Advisory

CVE-2021-24788

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-08 17:35:20

Last updated 2024-08-03 19:42:17

Assigner WPScan

State PUBLISHED

Description

The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subscribers) can add/set/delete arbitrary categories to posts.

← Browse all CVEs View on cve.org ↗