Описание
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
Ссылки
- Product
- Patch
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.38.9 (исключая)
cpe:2.3:a:ip2location:country_blocker:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 63%
0.00452
Низкий
7.5 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-285
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
12 месяцев назад
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
EPSS
Процентиль: 63%
0.00452
Низкий
7.5 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-285
CWE-862