Funnel Builder by CartFlows < 1.3.1 - Authenticated Arbitrary Plugin Activation



Description
Issue allowing any authenticated user to active a plugin on the blog.

Affects Plugin

References

URL https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher Jerome Bruandet
Views 3921
Verified No
WPVDB ID 9941

Timeline

Publicly Published 2019-11-07 (about 1 month ago)
Added 2019-11-07 (about 1 month ago)
Last Updated 2019-11-28 (14 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin