CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress upstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through <= 2.1.1.
Explanation of Vulnerability in Simple Terms
The UpStream Project Management plugin for WordPress does not properly check user permissions before allowing certain actions. A logged-in user with low privileges can modify data they should not have access to. The vulnerability affects all versions up to 2.1.1. Site administrators should update to a version newer than 2.1.1 when available.
What an attacker can do
A low-privilege logged-in user can modify data they lack authorization to change.
Potential impact on your site
Unauthorized users may alter project data, settings, or other protected content within the UpStream plugin.
Conditions required to exploit
Attacker must have a low-privilege WordPress user account on the site.
Key dates
External resources
Related vulnerabilities
