Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE
Advisory | Patch | Confirmed | Link |
---|---|---|---|
http://www.vapidlabs.com/advisory.php?v=186 | |||
https://wordpress.org/plugins/dtracker/ | |||
96890 |