The Moneytizer
Monthly
Missing authorization in The Moneytizer WordPress plugin through version 10.0.10 allows unauthenticated remote attackers to modify content via incorrectly configured access control, enabling unauthorized data integrity changes without requiring authentication or user interaction. While CVSS scores 5.3 (medium) and EPSS exploitation probability is minimal at 0.02%, the lack of authentication requirements and network accessibility make this a persistent authorization bypass affecting all installations of vulnerable versions.
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.
Missing authorization in The Moneytizer WordPress plugin through version 10.0.10 allows unauthenticated remote attackers to modify content via incorrectly configured access control, enabling unauthorized data integrity changes without requiring authentication or user interaction. While CVSS scores 5.3 (medium) and EPSS exploitation probability is minimal at 0.02%, the lack of authentication requirements and network accessibility make this a persistent authorization bypass affecting all installations of vulnerable versions.
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.