Описание
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Ссылки
- ExploitThird Party Advisory
- Not Applicable
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Not Applicable
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:membership_simplified_project:membership_simplified:1.58:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 97%
0.39956
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
EPSS
Процентиль: 97%
0.39956
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434