PT-2023-30246 · WordPress · Wp Customer Reviews
Marco Wotschka
·
Publicado
2023-11-22
·
Atualizado
2023-11-27
·
CVE-2023-4686
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Customer Reviews plugin for WordPress versions up to and including 3.6.6
Description
The issue allows authenticated attackers to extract sensitive data, including post titles and slugs of protected and trashed posts and pages, as well as other post types like galleries, via the
ajax enabled posts function.Recommendations
For WP Customer Reviews plugin for WordPress versions up to and including 3.6.6, consider disabling the
ajax enabled posts function as a temporary workaround until a patch is available.Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wp Customer Reviews