Checkview Automated Testing
Monthly
Missing authorization in the CheckView Automated Testing WordPress plugin (versions 2.1.0 and earlier) lets remote unauthenticated attackers reach functionality that should be access-controlled, enabling unauthorized modification of site data or test/automation state. The CVSS 3.1 vector (7.5, AV:N/AC:L/PR:N/UI:N) reflects a network-reachable, no-interaction flaw with high integrity impact but no confidentiality or availability loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Missing authorization in the CheckView Automated Testing WordPress plugin (versions 2.1.0 and earlier) lets remote unauthenticated attackers reach functionality that should be access-controlled, enabling unauthorized modification of site data or test/automation state. The CVSS 3.1 vector (7.5, AV:N/AC:L/PR:N/UI:N) reflects a network-reachable, no-interaction flaw with high integrity impact but no confidentiality or availability loss. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.