daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2020/CVE-2020-9043.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-04 16:24:16 -04:00
parent 52ceb9403a
commit 1a9004fe7a
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cves/2020/CVE-2020-9043.yaml
View File

@ -1,16 +1,17 @@
id: CVE-2020-9043
info:
name: WordPress wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation
name: WordPress wpCentral <1.5.1 - Information Disclosure
author: scent2d
severity: high
description: |
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key for Wordpress Admin Account.
WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://wpscan.com/vulnerability/10074
- https://www.wordfence.com/blog/2020/02/vulnerability-in-wpcentral-plugin-leads-to-privilege-escalation/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9043
- https://wordpress.org/plugins/wp-central/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2020-9043
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -70,3 +71,5 @@ requests:
regex:
- '_wpnonce=([0-9a-z]+)'
internal: true
# Enhanced by md on 2023/04/04