WordPress WP Video Playlist Plugin Missing Authorization Vulnerability Allowing Settings Change
Vulnerability
A missing authorization vulnerability has been identified in the WP Video Playlist plugin by Sandeep Kumar, affecting versions through 1.1.2. This vulnerability allows for exploitation of incorrectly configured access control security levels, potentially leading to unauthorized changes in plugin settings.
Impact
Exploitation of this vulnerability could result in unauthorized changes to WP Video Playlist plugin settings, allowing attackers to manipulate video playlists without proper authorization.
Remediation
Patchstack has issued a virtual patch to automatically mitigate this vulnerability for users until an official fix is available. Instructions for applying this virtual patch can be found on the Patchstack website.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.