Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
13Vexday Risk Score
Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.
ssvc Trackcvss 4.3epss 0.2%
probabilidad de explotación
0.2%top 95% de las CVE
explotación observada
noninguna fuente lo reporta
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
metodiew · Quote Comments