What the vulnerability does
Description
Missing Authorization vulnerability in solacewp Solace solace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Solace: from n/a through <= 2.1.16.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
Solace versions up to 2.1.16 lack proper authorization checks, allowing authenticated users to modify content they should not have access to. An attacker with a low-privilege account can change data belonging to other users or restricted areas of the site. The vulnerability requires an existing user account but no additional user interaction.
What an attacker can do
Modify or change content and data belonging to other users or restricted site areas.
Potential impact on your site
Unauthorized users can alter site content, user data, or settings they should not be able to access.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.
Key dates
External resources