wp-private-content-plus Plugin till 1.x på WordPress Settings save_settings_page privilegier eskalering

inträdeeditHistoryDiffjsonxmlCTI

I wp-private-content-plus Plugin till 1.x på WordPress (WordPress Plugin) var en kritiskt svag punkt finns. Som påverkar funktionen save_settings_page av komponenten Settings. En uppgradering till den version 2.0 att åtgärda problemet.

Fält31/08/2019 07:4510/08/2020 16:36
namewp-private-content-plus Pluginwp-private-content-plus Plugin
version<=1.x<=1.x
platformWordPressWordPress
componentSettingsSettings
functionsave_settings_pagesave_settings_page
risk22
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.56.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore7.47.4
cvss3_meta_tempscore7.17.1
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.07.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1567123200 (30/08/2019)1567123200 (30/08/2019)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version2.02.0
cveCVE-2019-15816CVE-2019-15816
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
cvss3_nvd_basescore7.57.5
typeWordPress Plugin
cwe0254 (privilegier eskalering)
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iH
cvss3_nvd_aN
cve_assigned1567036800
cve_nvd_summaryThe wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

Interested in the pricing of exploits?

See the underground prices here!