The Avalex plugin for WordPress is vulnerable to unauthorized changes in data due to a lack of security check on the saveApiKey() function. This function was hooked via admin_init in all versions of the plugin up to version 3.0.8. Because of this, unauthenticated attackers can modify the API key for the plugin.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
