Описание
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Ссылки
- Release Notes
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.1 (исключая)Версия до 2.1.1 (исключая)
Одно из
cpe:2.3:a:melapress:melapress_login_security:*:*:*:*:free:wordpress:*:*
cpe:2.3:a:melapress:melapress_login_security:*:*:*:*:premium:wordpress:*:*
EPSS
Процентиль: 62%
0.00424
Низкий
5.3 Medium
CVSS3
8.2 High
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
10 месяцев назад
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
EPSS
Процентиль: 62%
0.00424
Низкий
5.3 Medium
CVSS3
8.2 High
CVSS3
Дефекты
CWE-862