Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:30953A64-38E8-4BFF-BBFE-BE6C0541B66B
HistoryMay 30, 2023 - 12:00 a.m.

Wordapp <= 1.5.0 - Authorization Bypass via Insufficiently Unique Cryptographic Signature

2023-05-3000:00:00
wpscan.com
5
plugin
cryptographic signature
authorization bypass
remote control
privilege escalation
software vulnerability

0.001 Low

EPSS

Percentile

50.4%

JSON

The plugin uses an insufficiently unique cryptographic signature in the wa_pdx_op_config_set function, which could allow an unauthenticated attacker to change the validation_token in the plugin config, providing access to the plugin’s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.

CPENameOperatorVersion
wordappeq*

Related

cvelist 1
cve 1
nvd 1
prion 1
wordfence 1
cvelist
cvelist
CVE-2023-2987
2023-05-31 02:40:20
cve
cve
CVE-2023-2987
2023-05-31 03:15:09
nvd
nvd
CVE-2023-2987
2023-05-31 03:15:09
prion
prion
Authorization
2023-05-31 03:15:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 29, 2023 to June 4, 2023)
2023-06-08 13:39:51

0.001 Low

EPSS

Percentile

50.4%

JSON
Related for WPVDB-ID:30953A64-38E8-4BFF-BBFE-BE6C0541B66B
cvelist1cve1nvd1prion1wordfence1