Spoonthemes Adifier System vulnerabilities
2 known vulnerabilities affecting spoonthemes/adifier_system.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2024-13375P1CRITICALCVSS 9.8Exploited≤ 3.1.72025-01-18
CVE-2024-13375 [CRITICAL] CWE-620 CVE-2024-13375: The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover i
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attacker
nvd
CVE-2023-49753P3HIGHCVSS 7.5≥ n/a, < 3.1.42024-05-17
CVE-2023-49753 [HIGH] CWE-22 CVE-2023-49753: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoo
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spoonthemes Adifier System allows PHP Local File Inclusion.This issue affects Adifier System: from n/a before 3.1.4.
nvd