CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18584 – Post Pay Counter < 2.731 - Arbitrary Settings Change
https://notcve.org/view.php?id=CVE-2017-18584
The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action. El complemento post-pay-counter en versiones anteriores a 2.731 para WordPress no tiene verificación de permisos para una acción de configuración de actualización. The Post Pay Counter plugin before 2.731 for WordPress has no permissions check for an update-settings action. • https://wordpress.org/plugins/post-pay-counter/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18583 – Post Pay Counter < 2.731 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection. El plugin post-pay-counter en versiones anteriores a 2.731 para WordPress tiene inyección de objetos PHP. The Post Pay Counter plugin before 2.731 for WordPress has PHP Object Injection via deserialization of untrusted input via the 'import_settings_content' parameter. • https://wordpress.org/plugins/post-pay-counter/#developers • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-502: Deserialization of Untrusted Data •