PT-2019-19719 · WordPress · Wp Human Resource Management

Henri Salo

Publicado

2019-03-05

Atualizado

2020-08-24

CVE-2019-9574

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WP Human Resource Management plugin versions prior to 2.2.6

Description The issue arises from the lack of proper role-based access control in the WP Human Resource Management plugin, allowing leave modifications to occur outside of the intended Administrator or HR Manager roles.

Recommendations For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2019-9574

Produtos afetados

Wp Human Resource Management

PT-2019-19719 · WordPress · Wp Human Resource Management

CVE-2019-9574

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5