Headline
CVE-2022-41839: WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability - Patchstack
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
Verified
Fixed
5.3
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 1.6.2
PSID
1054f2ff8a05
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Can be exploited remotely without any authentication.
Publicly disclosed
2022-11-07
Details
Broken Access Control vulnerability leading to unauth. changing of Opt-In or Opt-Out tracking settings discovered by Nguyen Anh Tien (Patchstack Alliance) in the WordPress LoginPress plugin (versions <= 1.6.2).
Solution
Update the WordPress LoginPress plugin to the latest available version (at least 1.6.3).
References