ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Health Check & Troubleshooting plugin <= 1.2.3 - Authenticated Lack of Authorisation (privilege escalation) vulnerability

Product
Health Check & Troubleshooting
Description
Authenticated Lack of Authorisation vulnerability found by Julien Legras in WordPress Health Check & Troubleshooting plugin (versions <= 1.2.3).
Solution
Update the WordPress Health Check & Troubleshooting plugin to the latest available version (at least 1.2.4).
Classification
Type Unknown
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.3
Fixed In 1.2.4
Disclosure date
2019-01-28
Credits
Julien Legras
Submitter
ThreatPress