What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.
Explanation of Vulnerability in Simple Terms
WPCHURCH versions up to 2.7.0 contain an improper access control vulnerability that allows authenticated users with low privileges to read, modify, or delete sensitive data and disrupt site operations. The vulnerability requires a valid user account but no additional user interaction. Site administrators should update immediately to a version newer than 2.7.0.
What an attacker can do
Read, modify, or delete sensitive data; disrupt site availability with a valid user account.
Potential impact on your site
Authenticated users can access or alter data beyond their intended permissions, compromising site integrity and availability.
Conditions required to exploit
Attacker must have a low-privilege user account on the site; no user interaction required.
Key dates
External resources