Description

WordPress Plugin WP SEO TDK is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change the title of frontend pages. WordPress Plugin WP SEO TDK version 2.0.2 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.pluginvulnerabilities.com/2019/06/20/checking-the-security-of-fast-growing-wordpress-plugins-would-be-a-good-idea/

Related Vulnerabilities

WordPress Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-6762)

MySQL CVE-2017-3320 Vulnerability (CVE-2017-3320)

Oracle Application Server CVE-2010-0066 Vulnerability (CVE-2010-0066)

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11)

WordPress Plugin Concours Cross-Site Scripting (1.1)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass