Описание
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
Ссылки
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:divebook_project:divebook:1.1.4:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 44%
0.00214
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.
EPSS
Процентиль: 44%
0.00214
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-862