3 matches found
CVE-2019-20360
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...
CVE-2019-20360
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information PII including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the...
CVE-2019-20360
CVE-2019-20360 affects the WordPress GiveWP plugin (versions prior to 2.5.5). It describes an authentication bypass where unauthenticated users can access PII (names, addresses, IPs, emails) by manipulating an API key to match a wp_usermeta key and setting the token to the corresponding MD5 hash ...