Improper access control in Private Taxonomy Terms - #VU71353

 

Improper access control in Private Taxonomy Terms - #VU71353

Published: January 19, 2023


Vulnerability identifier: #VU71353
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: mvidelgauz
Affected software:
Private Taxonomy Terms

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected plugin does not enforce permissions appropriately for the taxonomy overview page and overview form. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


Remediation

Install updates from vendor's website.

Sources