WEB APPLICATION VULNERABILITIES Standard & Premium

WP Human Resource Management Security Bypass (2.2.14)

Description

WordPress Plugin WP Human Resource Management is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify plugin options. WordPress Plugin WP Human Resource Management version 2.2.14 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2.15 or latest

References

https://www.pluginvulnerabilities.com/2019/09/03/our-proactive-monitoring-caught-an-authenticated-option-update-vulnerability-being-introduced-in-to-wp-human-resource-management/

https://plugins.svn.wordpress.org/hrm/trunk/readme.txt

Related Vulnerabilities

WordPress 3.8.1 Multiple Vulnerabilities (3.8 - 3.8.1)

Real3D FlipBook Multiple Vulnerabilities (2.18.8)

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.10)

Squid Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-18860)

Internet Information Services Other Vulnerability (CVE-2007-2897)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Tags

Missing Update Authentication Bypass