SYM_PHP_0056 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authorization
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-285: Improper Authorization |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
These hooks allow the developer to handle the custom AJAX endpoints."wp_ajax_$action" hook get fires for any authenticated user and "wp_ajax_nopriv_$action" hook get fires for non-authenticated users.