What the vulnerability does
01Description
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through < 2.2.7.
Explanation of Vulnerability in Simple Terms
WP Docs versions 2.2.7 and earlier lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can alter data through the application's normal interfaces. The vulnerability affects the integrity of stored information but does not expose sensitive data or disrupt availability.
What an attacker can do
Modify or alter content in WP Docs that the attacker's account should not have permission to change.
Potential impact on your site
Unauthorized users can alter WP Docs content, risking data integrity and requiring audit or restoration of modified records.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site and network access to the application.
Key dates
External resources