PT-2026-60705 · Devozon · Fense Proxy & Vpn Blocker

·

CVE-2026-8616

·

Publicado

2026-07-17

·

Atualizado

2026-07-17

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
The Fense Proxy & VPN Blocker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce validation on the fense bpvt save settings() function in versions up to, and including, 3.0.1. The callback is registered to both wp ajax * and wp ajax nopriv * hooks and unconditionally calls delete option() on four plugin options and delete transient() on three transients tied to the plugin's API key cache and settings. This makes it possible for unauthenticated attackers to delete plugin options and transients, effectively resetting the plugin's API key/data cache and forcing the plugin to refetch state.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-8616

Produtos afetados

Fense Proxy & Vpn Blocker