CVE-2020-13764

Sažetak

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.

Reference

https://docs.gravityforms.com/gravityforms-change-log/
https://github.com/wp-premium/gravityforms/compare/2.4.8...2.4.9

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-06-2020 - 17:58

Objavljeno

02-06-2020 - 21:15