Description
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2009-2687)
Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8707)
WordPress Plugin Events by Devllo Cross-Site Scripting (1.0.4.2)
WordPress Plugin Facebook Button by BestWebSoft Cross-Site Scripting (2.53)