Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress Give 授权问题漏洞
Vulnerability Description
WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Give是使用在其中的一个筹款平台插件。 WordPress Give 2.5.5之前版本中存在授权问题漏洞。攻击者可利用该漏洞绕过API的身份验证并访问个人验证信息(PII),包括名称,地址,IP地址和邮件地址。
CVSS Information
N/A
Vulnerability Type
N/A