2 matches found
CVE-2017-18584
CVE-2017-18584 : The WordPress plugin “post-pay-counter” prior to version 2.731 exposes an update-settinga action without a permissions check, enabling unauthorized usage. Root cause: missing access control in the plugin’s update-settinga workflow. Impact: as described in multiple sources, this c...
CVE-2017-18583
CVE-2017-18583 affects the WordPress plugin post-pay-counter (before 2.731) with a PHP Object Injection flaw. The advisory sources identify this as a high/critical issue: CVSS v2 base score 7.5 (HIGH) and CVSS v3.0 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and imp...