1.1.1

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

featherplugins

CWE-862

NVD

Published: 2023-05-31

Updated: 2023-11-07

Summary

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin.

Vulnerable Configurations

Part	Description	Count
Application	Featherplugins Featherplugins Feather Login Page 1.0.7 Featherplugins Feather Login Page 1.1.1	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=cve
https://plugins.trac.wordpress.org/browser/feather-login-page/trunk/features/inc/admin/expirable-login-link.php?rev=2612332#L71