Settings Change Vulnerability in Total Security Plugin for WordPress
CVE-2016-10899

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Total Security
Vendor
CVE Published:
21 August 2019

Summary

The Total Security Plugin for WordPress, prior to version 3.4.1, has been identified to contain a settings change vulnerability. This flaw allows an attacker with access to the plugin settings to make unauthorized changes, potentially altering security configurations without proper permissions. Proper updates to the plugin are recommended to mitigate any risks associated with this security issue.

References

https://wordpress.org/plugins/total-security/#developers
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.