Unauthenticated Options Change in Search Exclude Plugin for WordPress
CVE-2019-15895

7.5HIGH

Key Information:

Vendor

Wordpress
Status
Search Exclude
Vendor
CVE Published:
9 September 2019

What is CVE-2019-15895?

The Search Exclude plugin for WordPress, prior to version 1.2.4, contains a vulnerability where unauthenticated users can modify plugin settings via search-exclude.php. This flaw poses a risk to the integrity of the website's search functionalities, potentially leading to unauthorized alterations in search exclusion settings, affecting content visibility.

References

https://wordpress.org/plugins/search-exclude/#developers
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9870
x_refsource_MISC
https://blog.nintechnet.com/settings-change-vulnerability...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.