CVE-2017-1002006

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
larry_cashdollarCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
dtracker_projectdtracker
1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96890
http://www.vapidlabs.com/advisory.php?v=186
https://wordpress.org/plugins/dtracker/
http://www.securityfocus.com/bid/96890
http://www.vapidlabs.com/advisory.php?v=186
https://wordpress.org/plugins/dtracker/