newspaper Theme up to 6.7.1 on WordPress Access Control td_ajax_update_panel privileges management

EntryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in newspaper Theme up to 6.7.1 on WordPress (WordPress Plugin) and classified as critical. This vulnerability affects the function td_ajax_update_panel of the component Access Control. Upgrading to version 6.7.2 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
936901708/26/2020VulD...exploitdb_date1568592000 (09/16/2019)exploit-db.com08/26/2020accepted100
936901508/26/2020VulD...cve_nvd_summaryThe newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.mitre.org08/26/2020accepted100
936901408/26/2020VulD...cve_assigned1568332800mitre.org08/26/2020accepted100
936900008/26/2020VulD...cvss3_nvd_aHnist.gov08/26/2020accepted100
936899908/26/2020VulD...cvss3_nvd_iHnist.gov08/26/2020accepted100
936899808/26/2020VulD...cvss3_nvd_cHnist.gov08/26/2020accepted100
936899708/26/2020VulD...cvss3_nvd_sUnist.gov08/26/2020accepted100
936899608/26/2020VulD...cvss3_nvd_uiNnist.gov08/26/2020accepted100
936899508/26/2020VulD...cvss3_nvd_prNnist.gov08/26/2020accepted100
936899408/26/2020VulD...cvss3_nvd_acLnist.gov08/26/2020accepted100
936899308/26/2020VulD...cvss3_nvd_avNnist.gov08/26/2020accepted100
936898008/26/2020VulD...cvss2_nvd_aiPnist.gov08/26/2020accepted100
936897908/26/2020VulD...cvss2_nvd_iiPnist.gov08/26/2020accepted100
936897808/26/2020VulD...cvss2_nvd_ciPnist.gov08/26/2020accepted100
936897708/26/2020VulD...cvss2_nvd_auNnist.gov08/26/2020accepted100
936897608/26/2020VulD...cvss2_nvd_acLnist.gov08/26/2020accepted100
936897508/26/2020VulD...cvss2_nvd_avNnist.gov08/26/2020accepted100
936896508/26/2020VulD...cwe269 (privilege escalation)08/26/2020accepted100
936895908/26/2020VulD...typeWordPress Plugin08/26/2020accepted100
936902509/17/2019VulD...cvss3_nvd_basescore9.8nist.gov09/17/2019accepted90

Interested in the pricing of exploits?

See the underground prices here!