wp-private-content-plus Plugin up to 1.x on WordPress Settings save_settings_page 7pk security

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in wp-private-content-plus Plugin up to 1.x on WordPress (WordPress Plugin) and classified as critical. This vulnerability affects the function save_settings_page of the component Settings. Upgrading to version 2.0 eliminates this vulnerability.

Field08/31/2019 07:45 AM08/10/2020 04:36 PM
namewp-private-content-plus Pluginwp-private-content-plus Plugin
version<=1.x<=1.x
platformWordPressWordPress
componentSettingsSettings
functionsave_settings_pagesave_settings_page
risk22
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.56.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore7.47.4
cvss3_meta_tempscore7.17.1
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.07.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1567123200 (08/30/2019)1567123200 (08/30/2019)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version2.02.0
cveCVE-2019-15816CVE-2019-15816
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore7.57.5
typeWordPress Plugin
cwe0254 (privilege escalation)
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iH
cvss3_nvd_aN
cve_assigned1567036800
cve_nvd_summaryThe wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

Do you want to use VulDB in your project?

Use the official API to access entries easily!