Описание
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
Ссылки
- Product
- Patch
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.38.9 (исключая)
cpe:2.3:a:ip2location:country_blocker:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 32%
0.00129
Низкий
7.5 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-285
CWE-862
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() function. This makes it possible for unauthenticated attackers to view the plugin's settings.
EPSS
Процентиль: 32%
0.00129
Низкий
7.5 High
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-285
CWE-862