Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| http://www.vapidlabs.com/advisory.php?v=186 | |||
| https://wordpress.org/plugins/dtracker/ | |||
| 96890 |