WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Authenticator Denial of Service (1.3.0)

Description

WordPress Plugin Authenticator is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to cause the affected website to deny users access to it's functionality in certain configurations. WordPress Plugin Authenticator version 1.3.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.1 or latest

References

https://wpscan.com/vulnerability/802a2139-ab48-4281-888f-225e6e3134aa

https://plugins.svn.wordpress.org/authenticator/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Related Posts for WordPress Cross-Site Scripting (2.0.3)

Lodash Other Vulnerability (CVE-2020-28500)

WordPress Plugin Contact Form Widget-Contact Query, Form Maker SQL Injection (1.0.9)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624)

WordPress Plugin Wordpress Forms Multiple Vulnerabilities (0.2.7.1)

Severity

High

Classification

CVE-2022-3994 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service