Wordable < 3.1.2 - Plugin's Authentication Bypass



Description
"This could allow an unauthenticated user to bypass the plugin authentication process and temporarily gain administrative privileges, allowing the publication of pages and posts on the blog, as well as the upload of media files."

Affects Plugin

fixed in version 3.1.2

References

URL https://blog.nintechnet.com/wordpress-plugins-and-themes-vulnerabilities-roundup/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Views 424
Verified No
WPVDB ID 10251

Timeline

Publicly Published 2020-01-28 (6 months ago)
Added 2020-06-03 (about 1 month ago)
Last Updated 2020-06-04 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin