Taxonomy Manager - Moderately critical - Access bypass - SA-CONTRIB-2021-035

Project: Taxonomy ManagerDate: 2021-September-22Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypassDescription: This module provides a powerful interface for managing a taxonomy vocabulary. A vocabulary gets displayed in a dynamic tree view, where parent terms can be expanded to list their nested child terms or can be collapsed.
The module does not take the correct user permissions into account, allowing an attacker to delete and move terms.
The issue is mitigated by the fact that an attacker must have permission to create terms in the targeted vocabulary.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article