Unrated severityNVD Advisory· Published Jul 10, 2023· Updated Nov 8, 2024
tagDiv Cloud Library < 2.7 - Unauthenticated Arbitrary User Metadata Update to Privilege Escalation
CVE-2023-1597
Description
The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/4eafe111-8874-4560-83ff-394abe7a803bmitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.