Описание
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.
EPSS
Процентиль: 2%
0.00014
Низкий
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.3
github
3 месяца назад
The Make Email Customizer for WooCommerce WordPress plugin through 1.0.6 lacks proper authorization checks and option validation in its AJAX actions, allowing any authenticated user, such as a Subscriber, to update arbitrary WordPress options.
EPSS
Процентиль: 2%
0.00014
Низкий
5.3 Medium
CVSS3