Key Information Vulnerability Name: WordPress Wordapp Plugin <= 1.7.0 is vulnerable to Broken Access Control Priority: Low priority (which unreasonably) Affected Versions: <= 1.7.0 Official Fix: No official fix available Risk: CVSS v3.1 - Broken Access Control: A broken access control issue refers to a missing authorization, authentication, or nonce token check in a function that could lead to an unprivileged user executing a certain higher-privileged action. Warning: This software is likely abandoned! This software was last updated over a year ago and will likely not receive further updates or fixes. Urgently consider replacing the software with an alternative. Solution: Remove and replace software. This security issue has a low severity impact and is unlikely to be exploited. Details: - Software: Wordapps - Type: Plugin - Vulnerable Versions: <= 1.7.0 - Discovery Date: N/A Timeline: - Reporter: HiLog - Report Date: 29 Apr 2020 - Publisher: Patchstack - Publish Date: 15 Jun 2020