Описание
The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 5.3
github
7 месяцев назад
The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.
EPSS
Процентиль: 21%
0.00069
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-284