CVE-2019-9574

Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/03/2019 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The WP Human Resource Management plugin prior to 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mishubd wp human resource management

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I found several vulnerabilities from WordPress plugin hrm (WP Human Resource Management) where server side authorization checks are missing Plugin URL wordpressorg/plugins/hrm/ Affected 225 and possibly below Fixed in 226 according to developer who didn't respond to me, but communicat ...

CWE-862 https://wordpress.org/plugins/hrm/#developers http://www.securityfocus.com/bid/107464 http://www.openwall.com/lists/oss-security/2019/03/17/1 https://nvd.nist.gov http://seclists.org/oss-sec/2019/q1/181

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9574

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect