← back
CVE-2019-6703

CVE-2019-6703

EPSS 26.1%◆ VulnCheck KEV
Vexday Risk Score
45Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 26.1%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
27 Jan 2019Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call the miglaA_update_me action to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator.
Affected products
n/a · n/a