Lucene search

WpvulndbWPVDB-ID:C203C93F-EBBD-484B-AE86-03B1AFE149E1

HistoryMay 07, 2024 - 12:00 a.m.

WP Post Author <= 3.6.5 - Missing Authorization

2024-05-0700:00:00

wpscan.com

wordpress

plugin

vulnerability

unauthorized access

missing capability check

authentication

subscriber-level access

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The WP Post Author plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function allowing authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

References

patchstack.com/database/vulnerability/wp-post-author/wordpress-wp-post-author-plugin-3-6-4-broken-access-control-vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for WPVDB-ID:C203C93F-EBBD-484B-AE86-03B1AFE149E1