Lucene search

K
wpvulndbWpvulndbWPVDB-ID:3DD47C9A-E05A-49CA-A0EC-792A9845BAB2
HistoryFeb 20, 2024 - 12:00 a.m.

WP Setup Wizard < 1.0.8.2 - Authenticated (Subscriber+) Full Database Download

2024-02-2000:00:00
wpscan.com
5
wordpress
setup wizard
vulnerability
unauthorized access
database

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

Description The WP Setup Wizard plugin for WordPress is vulnerable to unauthorized access of datadue to a missing capability check in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to download the entire database.

CPENameOperatorVersion
eq1.0.8.2

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.9%

Related for WPVDB-ID:3DD47C9A-E05A-49CA-A0EC-792A9845BAB2