Woostify Sites Library
Monthly
Unauthenticated broken access control in Woostify Sites Library WordPress plugin versions up to and including 1.6.2 permits remote, unauthenticated attackers to bypass authorization checks and perform restricted actions against affected WordPress installations. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no credentials and no user interaction, making automated scanning and exploitation straightforward. No active exploitation has been identified at time of analysis, and no public exploit code is known.
Unauthenticated broken access control in Woostify Sites Library WordPress plugin versions up to and including 1.6.2 permits remote, unauthenticated attackers to bypass authorization checks and perform restricted actions against affected WordPress installations. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no credentials and no user interaction, making automated scanning and exploitation straightforward. No active exploitation has been identified at time of analysis, and no public exploit code is known.