Описание
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
Ссылки
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.41 (исключая)
cpe:2.3:a:medialibs:webo-facto:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 53%
0.00302
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on the 'doSsoAuthentification' function. This makes it possible for unauthenticated attackers to make themselves administrators by registering with a username that contains '-wfuser'.
EPSS
Процентиль: 53%
0.00302
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo