Unauthorized Contact Injection Vulnerability in DTracker v1.5 WordPress Plugin

Unauthorized Contact Injection Vulnerability in DTracker v1.5 WordPress Plugin

CVE-2017-1002007 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.

Learn more about our Wordpress Pen Testing.