漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
Vulnerability Description
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
WordPress 插件安全漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress 的Page/Post Content Shortcode 插件 1.0及之前版本存在安全漏洞,该漏洞源于未适当的授权。攻击者可利用该漏洞访问不应允许访问的草稿/私人/密码保护/垃圾帖子/页面,包括管理员和编辑等其他用户创建的帖子。
CVSS Information
N/A
Vulnerability Type
N/A