CVE-2016-10929

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Advanced Ajax Page Loader
Vendor
CVE Published:
22 August 2019

Summary

The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.

References

https://wordpress.org/plugins/advanced-ajax-page-loader/#...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.