The CMP for WordPress is vulnerable... CVE-2020-36730

- AV AC AU C I A
发布: 2023-06-07
修订: 2024-11-21

The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on the cmp_get_post_detail(), niteo_export_csv(), and cmp_disable_comingsoon_ajax() functions in versions up to, and including, 3.8.1. This makes it possible for unauthenticated attackers to read posts, export subscriber lists, and/or deactivate the plugin.

0%
暂无可用Exp或PoC
当前有1条受影响产品信息