Описание
The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6.0 (исключая)
cpe:2.3:a:data443:inline_related_posts:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 39%
0.00172
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
EPSS
Процентиль: 39%
0.00172
Низкий
4.3 Medium
CVSS3
Дефекты
NVD-CWE-noinfo