exploitDog

CVE-2019-15820

Опубликовано: 30 авг. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.

Ссылки

https://blog.nintechnet.com/unauthenticated-options-change-in-wordpress-login-or-logout-menu-item-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/login-or-logout-menu-item/#developers
Product
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9500
Third Party Advisory
https://blog.nintechnet.com/unauthenticated-options-change-in-wordpress-login-or-logout-menu-item-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/login-or-logout-menu-item/#developers
Product
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9500
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:login_or_logout_menu_item_project:login_or_logout_menu_item:*:*:*:*:*:wordpress:*:*

Версия до 1.2.0 (исключая)

EPSS

Процентиль: 41%

0.00194

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-cj2g-fw5j-r5hx

CVSS3: 6.1

github

больше 3 лет назад

The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.

EPSS

Процентиль: 41%

0.00194

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601