WordPress Plugin Vulnerabilities

Health Check & Troubleshooting < 1.2.4 - Missing Authorization Checks

Description

The plugin is missing capability checks in several AJAX actions, allowing users with a role as low as Subscriber to perform privileged actions.

Affects Plugins

Plugin icon
health-check
Fixed in 1.2.4

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
6.3 (medium)

Miscellaneous

Original Researcher
Julien Legras
Verified
No
WPVDB ID
63052402-a5f3-498d-850c-eeed91c6a251

Timeline

Publicly Published
2022-12-05 (about 1 years ago)
Added
2023-05-25 (about 11 months ago)
Last Updated
2023-05-25 (about 11 months ago)

Other

Published
Title
Published
2022-11-28
Title
WP Shamsi < 4.1.1 - Unauthenticated Arbitrary Plugin Deactivation
Published
2024-02-27
Title
Coming Soon Page & Maintenance Mode < 2.2.2 - Maintenance Mode Bypass
Published
2022-03-28
Title
RSVP and Event Management < 2.7.8 - Unauthenticated Entries Export
Published
2023-10-19
Title
Taggbox <= 3.3 - Missing Authorization
Published
2022-08-08
Title
Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure