Описание
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
Ссылки
EPSS
Процентиль: 15%
0.00048
Низкий
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.4
github
почти 2 года назад
The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true.
EPSS
Процентиль: 15%
0.00048
Низкий
5.4 Medium
CVSS3