Enhancement: cves/2020/CVE-2020-9043.yaml by md
MostInterestingBotInTheWorld
parent
52ceb9403a
commit
1a9004fe7a
|
|
@ -1,16 +1,17 @@
|
||||||
id: CVE-2020-9043
|
id: CVE-2020-9043
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
|
name: WordPress wpCentral <1.5.1 - Information Disclosure
|
||||||
author: scent2d
|
author: scent2d
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key for Wordpress Admin Account.
|
WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/10074
|
- https://wpscan.com/vulnerability/10074
|
||||||
- https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/
|
- https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9043
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9043
|
||||||
- https://wordpress.org/plugins/wp-central/#developers
|
- https://wordpress.org/plugins/wp-central/#developers
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-9043
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 8.8
|
cvss-score: 8.8
|
||||||
|
|
@ -70,3 +71,5 @@ requests:
|
||||||
regex:
|
regex:
|
||||||
- '_wpnonce=([0-9a-z]+)'
|
- '_wpnonce=([0-9a-z]+)'
|
||||||
internal: true
|
internal: true
|
||||||
|
|
||||||
|
# Enhanced by md on 2023/04/04
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue