- Description
- The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-862
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xlplugins:finale:*:*:*:*:lite:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "0DD93867-4B69-4D2F-825B-FEAC2DD4A29E",
"versionEndExcluding": "2.18.0"
},
{
"criteria": "cpe:2.3:a:xlplugins:nextmove:*:*:*:*:lite:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "C496ECE9-B570-4E79-A3F1-F79976B9040B",
"versionEndExcluding": "2.18.1"
}
],
"operator": "OR"
}
]
}
]