PT-2023-20087 · WordPress · Feather Login Page
István Márton +1 · Published 2023-05-31 · Updated 2023-06-06 · CVE-2023-2547
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1
Description
The issue allows authenticated attackers with subscriber-level permissions and above to delete temporary users generated by the plugin due to a missing capability check on the deleteUser function.
Recommendations
For Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1, consider disabling the deleteUser function until a patch is available to prevent unauthorized data loss.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Feather Login Page