6.5
CVE-2020-9514
- EPSS 0.96%
- Veröffentlicht 07.04.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:40:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page).
Mögliche Gegenmaßnahme
IMPress for IDX Broker: Update to version 2.6.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Idxbroker ≫ Impress For Idx Broker SwEditionplatinum SwPlatformwordpress Version < 2.6.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
IMPress for IDX Broker
Version
[*, 2.6.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.96% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wordpress.org/plugins/idx-broker-platinum/#developers
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-impress-for-idx-broker/
https://www.wordfence.com/threat-intel/vulnerabilities/id/426ea88f-bdd4-4da6-88c2-db82df9e01e5