Search Exclude < 1.2.4 - Arbitrary Settings Change



Description
Unauthenticated plugin settings change via admin_init
Authenticated plugin settings change via AJAX

Affects Plugin

fixed in version 1.2.4

References

CVE 2019-15895
URL https://blog.nintechnet.com/settings-change-vulnerability-in-wordpress-search-exclude-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 3019
Verified No
WPVDB ID 9870

Timeline

Publicly Published 2019-09-07 (16 days ago)
Added 2019-09-07 (16 days ago)
Last Updated 2019-09-07 (16 days ago)
