Main Vulnerability Database SB2020101901

SB2020101901 - Improper access control in realia plugin for WordPress

Published: October 19, 2020

Security Bulletin ID SB2020101901

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to an IDOR issue. A remote attacker can send a specially crafted request with the post ID to delete and delete arbitrary posts.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://wpvulndb.com/vulnerabilities/10431/
https://gist.github.com/erwanlr/625a3a241a6bd59f18b8b048cedf1b41