wp-private-content-plus Plugin up to 1.x on WordPress Settings save_settings_page 7pk security
A vulnerability has been found in wp-private-content-plus Plugin up to 1.x on WordPress (WordPress Plugin) and classified as critical. This vulnerability affects the function save_settings_page of the component Settings. Upgrading to version 2.0 eliminates this vulnerability.
| Field | 08/31/2019 07:45 AM | 08/10/2020 04:36 PM |
|---|---|---|
| name | wp-private-content-plus Plugin | wp-private-content-plus Plugin |
| version | <=1.x | <=1.x |
| platform | WordPress | WordPress |
| component | Settings | Settings |
| function | save_settings_page | save_settings_page |
| risk | 2 | 2 |
| cvss2 | 7.5 | 7.5 |
| cvss2 | 6.5 | 6.5 |
| cvss2 | N | N |
| cvss2 | L | L |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | P | P |
| cvss2 | P | P |
| cvss3 | 7.4 | 7.4 |
| cvss3 | 7.1 | 7.1 |
| cvss3 | 7.3 | 7.3 |
| cvss3 | 7.0 | 7.0 |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | N | N |
| cvss3 | U | U |
| cvss3 | L | L |
| cvss3 | L | L |
| cvss3 | L | L |
| date | 1567123200 (08/30/2019) | 1567123200 (08/30/2019) |
| price | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade | 2.0 | 2.0 |
| cve | CVE-2019-15816 | CVE-2019-15816 |
| cvss2 | ND | ND |
| cvss2 | OF | OF |
| cvss2 | ND | ND |
| cvss3 | X | X |
| cvss3 | O | O |
| cvss3 | X | X |
| cvss3 | 7.5 | 7.5 |
| type | WordPress Plugin | |
| cwe | 0 | 254 (privilege escalation) |
| cvss2 | N | |
| cvss2 | L | |
| cvss2 | N | |
| cvss2 | N | |
| cvss2 | P | |
| cvss2 | N | |
| cvss3 | N | |
| cvss3 | L | |
| cvss3 | N | |
| cvss3 | N | |
| cvss3 | U | |
| cvss3 | N | |
| cvss3 | H | |
| cvss3 | N | |
| cve | 1567036800 | |
| cve | The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. |
Do you want to use VulDB in your project?
Use the official API to access entries easily!