31-05-2023 00:02
CVE-2023-2987 Documented vulnerability
9.8 CRITICAL
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to change the 'validation_token' config, providing access to the plugin's remote control functionalities, such as creating an admin URL, which can be used for privilege escalation.
http://cwe.mitre.org/data/definitions/345.html CWE-345 Insufficient Verification of Data Authenticity