[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpa8D1UfD7oRRncuZ7besdM65FmBENbC2SiHu68x1NdQ":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"WF-b9002f6e-4345-4908-9cb8-9841a2458eb7-cartflows","cartflows-insecure-direct-object-reference-to-arbitrary-post-deletion","CartFlows \u003C= 1.11.11 - Insecure Direct Object Reference to Arbitrary Post Deletion","The CartFlows plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.11.11. This is due to the fact that during cart flow deletion\u002Fmodification, the plugin does not verify that the flow ID provided to the AJAX action is indeed a cart flow id. This makes it possible for authenticated attackers, with cart flow manager access or higher, to modify or delete arbitrary posts. This permission is by default available to admins, but can be given to other user types.","cartflows",null,"\u003C1.11.12","1.11.12","low",2.7,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2023-06-02 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb9002f6e-4345-4908-9cb8-9841a2458eb7?source=api-prod",235,[],false,0,{"type":25,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":26},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fcartflows\u002Ftags"]