The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.
References
Link | Resource |
---|---|
https://blog.nintechnet.com/unauthenticated-options-change-vulnerability-in-wordpress-wp-private-content-plus-plugin/ | Exploit Third Party Advisory |
https://wordpress.org/plugins/wp-private-content-plus/#developers | Product Third Party Advisory |
https://wpvulndb.com/vulnerabilities/9817 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-30T12:28:13
Updated: 2019-08-31T15:06:04
Reserved: 2019-08-29T00:00:00
Link: CVE-2019-15816
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-30T13:15:11.297
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-15816
JSON object: View
Redhat Information
No data.