- Lana Codes
- Common Vulnerabilities
miniOrange Discord Integration by miniOrange <= 2.1.5 - Subscriber+ App Disabling
LANACOMMONVDB ID: dca6f79f-9c77-4aee-8ad5-046e9587ac5c
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example.
You must be log in to view vulnerability details.
Or register a new account.