Описание
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords.
Ссылки
- Patch
- Patch
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords.
EPSS
7.5 High
CVSS3
4.3 Medium
CVSS3