PT-2019-19719 · WordPress · Wp Human Resource Management

Henri Salo

Published

2019-03-05

Updated

2020-08-24

CVE-2019-9574

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions WP Human Resource Management plugin versions prior to 2.2.6

Description The issue arises from the lack of proper role-based access control in the WP Human Resource Management plugin, allowing leave modifications to occur outside of the intended Administrator or HR Manager roles.

Recommendations For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-9574

Affected Products

Wp Human Resource Management

PT-2019-19719 · WordPress · Wp Human Resource Management

CVE-2019-9574

Weakness Enumeration

Related Identifiers

Affected Products

References · 5