LoginPress < 1.6.3 - Unauthenticated Settings Update

2022-11-0700:00:00

wpscan.com

loginpress

plugin

unauthenticated

settings

update

vulnerability

0.001 Low

EPSS

Percentile

31.5%

JSON

The plugin does not have authorisation and CSRF checks when updating its Opt-In and Opt-Out tracking settings, which could allow any unauthenticated users to update them

CPENameOperatorVersion
loginpresslt1.6.3

CPE	Name	Operator	Version
	loginpress	lt	1.6.3

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for WPVDB-ID:8458A81D-446B-474F-9E78-426ED120ADCB