Описание
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
EPSS
Процентиль: 52%
0.00294
Низкий
7.5 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
EPSS
Процентиль: 52%
0.00294
Низкий
7.5 High
CVSS3
Дефекты
CWE-862