Описание
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.5.10 (включая)
cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-264
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
github
около 3 лет назад
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content).
EPSS
Процентиль: 40%
0.00182
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-264
NVD-CWE-Other