CVE-2024-1637 Information

Apr 10, 2024 cve

Description

The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to and including 1.7.12. This makes it possible for authenticated attackers with subscriber access or higher to update plugin settings.

Reference

https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=cve https://plugins.trac.wordpress.org/browser/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php#L42 https://plugins.trac.wordpress.org/changeset/3047449/360deg-javascript-viewer/trunk/admin/pages/class-jsv-360-admin_page_abstract.php?contextall=1&old=3015478&old_path=%2F360deg-javascript-viewer%2Ftrunk%2Fadmin%2Fpages%2Fclass-jsv-360-admin_page_abstract.php

Share on: