Vulnerabilities > CVE-2019-9574 - Missing Authorization vulnerability in Mishubd WP Human Resource Management

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
mishubd
CWE-862

Summary

The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.

Common Weakness Enumeration (CWE)