The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-06-07T01:51:51.674Z
Updated: 2023-06-07T01:51:51.674Z
Reserved: 2023-06-06T13:42:00.092Z
Link: CVE-2019-25151
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-07T02:15:10.843
Modified: 2023-11-07T03:09:22.350
Link: CVE-2019-25151
JSON object: View
Redhat Information
No data.
CWE