ND Shortcodes For Visual Composer < 6.0 - Unauthenticated WP Options Update



Description
Privilege escalation vulnerability that could allow an unauthenticated user to modify the settings of WordPress and to take over the blog and its database.

Please note that the vulnerability requires the blog to use one of the several themes from the author in order to be exploited; otherwise, the settings page isn’t loaded.

Affects Plugin

fixed in version 6.0

References

CVE 2019-15771
URL https://blog.nintechnet.com/privilege-escalation-vulnerability-in-wordpress-nd-shortcodes-for-visual-composer-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Views 2774
Verified No
WPVDB ID 9485

Timeline

Publicly Published 2019-07-31
Added 2019-07-31
Last Updated 2019-08-29
