Unlimited-Elements: >> Addon Library Security Vulnerabilities
The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-02-26