ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Search Exclude plugin <= 1.2.2 - Arbitrary Settings Change vulnerability

Product
Search Exclude
Description
Arbitrary Settings Change vulnerability found by Jerome Bruandet in WordPress Search Exclude plugin (versions <= 1.2.2).
Solution
Update the WordPress Search Exclude plugin to the latest available version (at least 1.2.4).
Classification
Type Unknown
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-2019-15895
Versions
Affected In <= 1.2.2
Fixed In 1.2.4
Disclosure date
2019-09-08
Credits
Jerome Bruandet (Nintechnet)
Submitter
ThreatPress