7.5
CVE-2021-24881
- EPSS 0.82%
- Veröffentlicht 23.01.2023 15:15:13
- Zuletzt bearbeitet 02.04.2025 16:15:16
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPassster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage)
The Passster WordPress plugin before 3.5.5.9 does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts (such as private) content, by sending a specifically crafted request.
Mögliche Gegenmaßnahme
Passster – Password Protect Pages and Content: Update to version 3.5.5.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Passster Project ≫ Passter SwPlatformwordpress Version < 3.5.5.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Passster – Password Protect Pages and Content
Version
*-3.5.5.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.82% | 0.523 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://wpscan.com/vulnerability/0967303d-ea49-4993-84eb-a7ec97240071
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ac2559a-c622-417c-a655-e92e8ac96770