What the vulnerability does
Description
Missing Authorization vulnerability in bobbingwide oik oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through <= 4.15.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
The oik plugin for WordPress does not properly check user permissions before allowing access to certain functionality. An unauthenticated attacker can read limited sensitive information without needing to log in or interact with a site administrator. Update to version 4.15.4 or newer to resolve this issue.
What an attacker can do
Read limited sensitive information without authentication.
Potential impact on your site
Unauthorized users can access some sensitive data exposed by the oik plugin.
Conditions required to exploit
Network access to the WordPress site; no authentication or user interaction required.