exploitDog

GHSA-p8fm-626m-mf8v

Опубликовано: 25 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode

Ссылки

EPSS

Процентиль: 50%

0.00273

Низкий

4.3 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2024-1564

CVSS3: 4.3

nvd

почти 2 года назад

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode

EPSS

Процентиль: 50%

0.00273

Низкий

4.3 Medium

CVSS3

CVE ID