Description
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.
References
- Product
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 4.7.51 (inclusive)
cpe:2.3:a:wpchill:download_monitor:*:*:*:*:*:wordpress:*:*
EPSS: 0.01314 (Low), percentile: 79%
CVSS3: 7.5 High
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 7.5
github
more than 1 year ago
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators.