2 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5. Vulnerabilidad de autorización faltante en SedLex Traffic Manager. Este problema afecta a Traffic Manager: desde n/a hasta 1.4.5. The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on an unknown function in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access functionality or information not intended for them. • https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-multiple-vulnerabilities?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. Vulnerabilidad de Control de Acceso Roto que conduce a Cross-Site Scripting (XSS) Almacenado en el complemento Traffic Manager en WordPress en versiones &lt;= 1.4.5. The Traffic Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/traffic-manager/wordpress-traffic-manager-plugin-1-4-5-broken-access-control-vulnerability-leading-to-stored-cross-site-scripting-xss?_s_id=cve https://wordpress.org/plugins/traffic-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •