Feather Login Page Plugin for WordPress: Unauthorized Access and Privilege Escalation Vulnerability

CVE-2023-2545 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access to data due to a missing capability check on the 'getListOfUsers' function in versions 1.0.7 through 1.1.1 inclusive. This makes it possible for authenticated attackers with subscriber-level permissions or above to access the login links, which can be used for privilege escalation.
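
What the missing check looks like when it is present, as an added example that is not the plugin's own code. It assumes the function is exposed as an authenticated AJAX action; the action name, nonce action and user-meta key are hypothetical.

```php
<?php
// Added example: NOT the Feather Login Page plugin's code.
// Assumptions: the handler is an authenticated AJAX action; the names
// 'example_get_list_of_users', 'example_login_links' and the meta key
// 'example_login_link' are hypothetical placeholders.

defined( 'ABSPATH' ) || exit; // refuse direct requests to this file

// wp_ajax_{action} fires for ANY logged-in user, subscribers included,
// so registering the hook is not an authorization decision.
add_action( 'wp_ajax_example_get_list_of_users', 'example_get_list_of_users' );

function example_get_list_of_users() {
    // 1. CSRF protection: terminate the request unless the nonce is valid.
    check_ajax_referer( 'example_login_links', 'nonce' );

    // 2. Capability check: the control the advisory reports as missing.
    //    A login link lets its bearer act as another account, so require
    //    a capability that only administrators hold by default.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Only now read and return the sensitive data.
    $rows  = array();
    $users = get_users( array( 'fields' => array( 'ID', 'user_login' ) ) );
    foreach ( $users as $user ) {
        $rows[] = array(
            'id'    => (int) $user->ID,
            'login' => $user->user_login,
            'link'  => get_user_meta( (int) $user->ID, 'example_login_link', true ),
        );
    }

    wp_send_json_success( $rows );
}
```

The nonce check alone would not close the gap, because a subscriber can obtain a valid nonce for their own session; the capability check is what separates a subscriber from an administrator.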