Описание
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
EPSS
Процентиль: 13%
0.00043
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.3
github
больше 1 года назад
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authenticated attacker, with minimal permission, such as a subscriber, to perform a variety of actions such as modifying settings and viewing sensitive data.
EPSS
Процентиль: 13%
0.00043
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-862