Описание
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.
EPSS
Процентиль: 25%
0.00086
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
The Wux Blog Editor plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.0. This is due to missing validation on the token being supplied during the autologin through the plugin. This makes it possible for unauthenticated attackers to log in to the first administrator user.
EPSS
Процентиль: 25%
0.00086
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-288