wpvulndb, WPVDB-ID:F0AD4978-4372-4647-A5E2-3CF3D0682F2B
Apr 17, 2024 - 12:00 a.m.

Pardot < 2.1.1 - Missing Authorization

wpscan.com
pardot, wordpress, plugin, vulnerable, unauthorized access, ajax actions

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.2
Confidence: High

EPSS: 0
Percentile: 9.0%

Description

The Pardot plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset cache among other actions.
