PT-2019-7764 · WordPress · Membersonic Lite
James Golovich
·
Published
2019-09-16
·
Updated
2019-09-18
·
CVE-2016-10971
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MemberSonic Lite plugin for WordPress versions prior to 1.302
Description
The issue is related to incorrect login access control. It allows access with only the knowledge of an e-mail address, which is insufficient for secure authentication.
Recommendations
For versions prior to 1.302, update to version 1.302 or later to resolve the issue.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Membersonic Lite