Vulnerabilities > CVE-2021-36917 - Missing Authorization vulnerability in Wpwave Hide MY WP 6.2.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
wpwave
CWE-862

Summary

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.

Vulnerable Configurations

Part Description Count
Application
Wpwave
1

Common Weakness Enumeration (CWE)