Описание
The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_passkey() and passkeys_list() function in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete passkeys.
EPSS
Процентиль: 19%
0.00061
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
5 месяцев назад
The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_passkey() and passkeys_list() function in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete passkeys.
EPSS
Процентиль: 19%
0.00061
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862