ThreatPress

WordPress Vulnerability Database

WordPress ElasticPress plugin <= 3.5.3 - Nonce Check Bypass vulnerability

Product
ElasticPress
Description
A nonce check bypass vulnerability was found by Felipe Elia in the WordPress ElasticPress plugin (versions <= 3.5.3).
Solution
Update the WordPress ElasticPress plugin to the latest available version (at least 3.5.4).
Classification
Type: Bypass Vulnerability
OWASP Top 10: A2: Broken Authentication and Session Management
References
Vulnerability fix details
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 3.5.3
Fixed In: 3.5.4
Disclosure date
2021-02-12
Credits
Felipe Elia