What the vulnerability does
Description
Missing Authorization vulnerability in Wordapp Team Wordapp (wordapp) allows exploiting incorrectly configured access control security levels. This issue affects Wordapp: from n/a through 1.7.0 (inclusive).
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Wordapp versions up to 1.7.0 contain an authorization flaw that allows authenticated users to access sensitive information they should not be able to view. An attacker with a low-privilege account can read data belonging to other users or the system without additional interaction. The vulnerability does not allow modification or deletion of data, only unauthorized disclosure.
What an attacker can do
Read sensitive information belonging to other users or the system.
Potential impact on your site
User data and system information may be exposed to any authenticated account holder, even those with restricted permissions.
Conditions required to exploit
Attacker must have a valid low-privilege account on the Wordapp instance.
Key dates
External resources