关键信息 漏洞类型: Broken Access Control 受影响版本: WordPress AnalyticsWP Plugin <= 2.0.0 风险等级: Low priority (white/unnecessary) 官方修复: No official fix available 报告日期: 18 April 2020 发布者: Patchstack 描述: - A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. - This is a general description of this vulnerability type, specifically impact varies case by case. CSSS source is a way to escalate and make internal vulnerabilities in a standard and end responsible way, but it is not ideal for CMSes. 解决方案: - This security issue has a low severity impact and is unlikely to be exploited. 时间线: - Reported by Trương Hữu Phúc (truonghuuphuc) on 18 April 2020 - Early warning sent out to Patchstack customers on 18 April 2020 - Published by Patchstack on 20 Nov 2020