Description
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.5.5.9 (exclusive)
cpe:2.3:a:passster_project:passter:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 69%
0.00606
Low
CVSS3
7.5 High
Weaknesses
NVD-CWE-Other
Related vulnerabilities
CVSS3: 7.5
github
about 3 years ago
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.