CVE-2024-10222: Wp Ajax Idor Edit Posts

A WordPress function accesses user input via a superglobal but only checks the generic 'edit_posts' capability. This misses an authorization check at the object level, potentially allowing an attacker to exploit an Insecure Direct Object Reference (IDOR) by passing the ID of a post they do not own. Validate the user's permission to edit the specific post usi

Provally Curated · Public repository · Medium · Medium confidence · Verified · Apache-2.0 · PHP · β
greprules fetch cve-2024-10222-wp-ajax-idor-edit-posts --engine opengrep

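The pattern this rule flags, shown as an added example (not code from the rule or from any plugin the rule was written against): a `wp_ajax_` handler that gates only on the generic `edit_posts` capability beside one that also checks the meta capability `edit_post` for the specific post ID. Hook and nonce names are illustrative assumptions.

```php
<?php
// Added example; the action names and nonce action are hypothetical.

// FLAGGED PATTERN: the generic capability is the only gate, so any user who
// can edit some posts (e.g. a Contributor) can update whatever post ID is
// supplied in the request, including posts they do not own.
add_action( 'wp_ajax_myplugin_update_title_insecure', function () {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $post_id = (int) $_POST['post_id'];
    $title   = sanitize_text_field( wp_unslash( $_POST['title'] ) );
    wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ) );
    wp_send_json_success();
} );

// HARDENED: CSRF nonce, input normalisation, existence check, and an
// object-level authorization check against the specific post.
add_action( 'wp_ajax_myplugin_update_title', function () {
    check_ajax_referer( 'myplugin_update_title', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 'edit_post' is a meta capability: map_meta_cap() resolves it against
    // this post's author and status (requiring edit_others_posts /
    // edit_published_posts where appropriate), unlike the blanket 'edit_posts'.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    if ( '' === $title ) {
        wp_send_json_error( 'title required', 400 );
    }

    $result = wp_update_post( array( 'ID' => $post_id, 'post_title' => $title ), true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
} );
```

When reviewing a handler, look for `current_user_can( 'edit_posts' )` (or `publish_posts`, `edit_pages`) next to a `$_POST`/`$_GET`/`$_REQUEST` post ID with no `current_user_can( 'edit_post', $id )`; the second call is the object-level check the rule expects.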