newspaper Theme up to 6.7.1 on WordPress Access Control td_ajax_update_panel privileges management


A vulnerability has been found in newspaper Theme up to 6.7.1 on WordPress (WordPress Plugin) and classified as critical. This vulnerability affects the function td_ajax_update_panel of the component Access Control. Upgrading to version 6.7.2 eliminates this vulnerability.

| Field | 09/17/2019 07:22 AM | 08/26/2020 10:18 PM |
|---|---|---|
| name | newspaper Theme | newspaper Theme |
| version | <=6.7.1 | <=6.7.1 |
| platform | WordPress | WordPress |
| component | Access Control | Access Control |
| function | td_ajax_update_panel | td_ajax_update_panel |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss3_meta_basescore | 8.5 | 8.5 |
| cvss3_meta_tempscore | 7.4 | 7.4 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| date | 1568592000 (09/16/2019) | 1568592000 (09/16/2019) |
| location | Exploit-DB | Exploit-DB |
| type | Exploit | Exploit |
| url | https://www.exploit-db.com/exploits/39894 | https://www.exploit-db.com/exploits/39894 |
| identifier | EDB-ID 39894 | EDB-ID 39894 |
| availability | 1 | 1 |
| date | 1568592000 (09/16/2019) | 1568592000 (09/16/2019) |
| publicity | 1 | 1 |
| url | https://www.exploit-db.com/exploits/39894 | https://www.exploit-db.com/exploits/39894 |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| upgrade_version | 6.7.2 | 6.7.2 |
| cve | CVE-2016-10972 | CVE-2016-10972 |
| exploitdb | 39894 | 39894 |
| seealso | 141828 | 141828 |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | UR | UR |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | R | R |
| cvss3_nvd_basescore | 9.8 | 9.8 |
| type | | WordPress Plugin |
| cwe | 0 | 269 (privilege escalation) |
| cvss2_nvd_av | | N |
| cvss2_nvd_ac | | L |
| cvss2_nvd_au | | N |
| cvss2_nvd_ci | | P |
| cvss2_nvd_ii | | P |
| cvss2_nvd_ai | | P |
| cvss3_nvd_av | | N |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | N |
| cvss3_nvd_ui | | N |
| cvss3_nvd_s | | U |
| cvss3_nvd_c | | H |
| cvss3_nvd_i | | H |
| cvss3_nvd_a | | H |
| cve_assigned | | 1568332800 |
| cve_nvd_summary | | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. |
| exploitdb_date | | 1568592000 (09/16/2019) |
