Description

WordPress Plugin Absolute Privacy is prone to a security bypass vulnerability. Attackers can exploit this vulnerability to bypass authentication mechanism and gain administrative access to an affected application, which may aid in further attacks. WordPress Plugin Absolute Privacy version 2.0.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.6 or latest

References

http://wordpress.org/support/topic/absolute-privacy-badly-broken

http://secunia.com/advisories/48040/

Related Vulnerabilities

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-0792)

WordPress Plugin Donation Forms by Charitable-Donations & Fundraising Platform for WordPress Cross-Site Scripting (1.6.50)

Apache Tomcat Incorrect Authorization Vulnerability (CVE-2016-6797)

Oracle Database Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21066)

Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass