CVE-2017-1002006

Name of the Vulnerable Software and Affected Versions DTracker version 1.5

Description The issue concerns a lack of authorization check in the DTracker plugin for WordPress. Specifically, the code in dtracker/save contact.php does not verify user authorization before adding new contacts to the wp contact table.

Recommendations For DTracker version 1.5, consider disabling the save contact.php functionality until a patch is available to prevent unauthorized injection of contacts into the database. Restrict access to the dtracker/save contact.php file to minimize the risk of exploitation.