Hustle
WPMU DEV Hustle plugin versions through 7.8.10.1 allow unauthenticated remote attackers to modify sensitive data because authorization controls are missing on access-restricted functionality. The flaw lies in incorrectly configured access control security levels, which let attackers bypass authentication mechanisms without user interaction. No public exploit code or active exploitation has been confirmed at the time of analysis.
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high-privilege users such as editors to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.