WordPress Flo Launch plugin <= 2.4 - Missing Authentication Allows Full Site Takeover vulnerability

2022-03-2900:00:00

Daniel Ruf

patchstack.com

0.003 Low

EPSS

Percentile

68.8%

Missing Authentication Allows Full Site Takeover vulnerability discovered by Daniel Ruf in WordPress Flo Launch plugin (versions <= 2.4).

Solution

           Update the WordPress Flo Launch plugin to the latest available version (at least 2.4.1).

CPENameOperatorVersion
flo launchle2.4

CPE	Name	Operator	Version
	flo launch	le	2.4

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0541

docs.flothemes.com/general/#flo-launch-plugin/

wpscan.com/vulnerability/822cac2c-decd-4aa4-9e8e-1ba2d0c080ce

0.003 Low

EPSS

Percentile

68.8%

Related for PATCHSTACK:B697EC67C3DF3121A8F5D22144ADDBC4