Health Check & Troubleshooting <= 1.2.3 – Authenticated Lack of Authorisation

Affects Plugins

health-check

Fixed in 1.2.4

References

URL

https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf

URL

https://plugins.trac.wordpress.org/changeset/2011772/health-check

Classification

Type

PRIVESC

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-269

Miscellaneous

Original Researcher

Julien Legras

Submitter

Julien Legras

Submitter website

https://www.synacktiv.com/

Verified

No

WPVDB ID

d7145f5c-d900-49dc-a424-57e57be4e31a

Timeline

Publicly Published

2019-01-25 (about 7 years ago)

Added

2019-01-28 (about 7 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2026-03-23

Title

WPBookit Pro <= 1.6.18 - Subscriber+ Privilege Escalation

Published

2026-04-08

Title

Cart Abandonment Recovery for WooCommerce < 2.1.0 - Shop Manager+ Privilege Escalation

Published

2026-04-27

Title

LatePoint < 5.4.2 - Agent+ Privilege Escalation

Published

2026-02-18

Title

IDonate 2.1.5 - 2.1.9 - Subscriber+ Account Takeover/Privilege Escalation

Published

2019-07-31

Title

ND Shortcodes For Visual Composer < 6.0 - Unauthenticated WP Options Update