The Authenticator plugin for WordPress has a security vulnerability that could allow people with certain permissions to get around the normal authorization process. This vulnerability exists in versions up to and including 1.3.0 of the plugin. People with “”subscriber-level”” permissions and higher could generate tokens even though they were not supposed to be able to do so.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
