PT-2019-7764 · WordPress · Membersonic Lite
James Golovich
·
Publicado
2019-09-16
·
Atualizado
2019-09-18
·
CVE-2016-10971
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MemberSonic Lite plugin for WordPress versions prior to 1.302
Description
The issue is related to incorrect login access control. It allows access with only the knowledge of an e-mail address, which is insufficient for secure authentication.
Recommendations
For versions prior to 1.302, update to version 1.302 or later to resolve the issue.
Correção
Improper Privilege Management
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Membersonic Lite