关键信息 漏洞名称: WordPress CryptoCloud - Crypto Payment Gateway Plugin <= 2.1.2 is vulnerable to Broken Access Control 优先级: Medium priority 受影响版本: <= 2.1.2 官方修复: No official fix available 风险: This vulnerability is moderately dangerous and expected to become exploited. 漏洞类型: Broken Access Control 描述: A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. 软件状态: This software is likely abandoned! It was last updated over a year ago and will likely not receive further updates or fixes. 解决方案: Remove and replace software. This software was last updated over a year ago and will likely not receive further updates or fixes. Note that deactivating the software does not remove the security threat unless a vPatch is deployed. 详细信息: Due to the specific nature of this vulnerability, no virtual patch can be assigned to it. 时间线: - Reported by chilOn on May 2020 - Early warning sent out to Patchstack customers on 22 May 2020 - Published by Patchstack on 25 May 2020