exploitDog

GHSA-3jhf-hf27-8fww

Опубликовано: 22 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

Ссылки

EPSS

Процентиль: 98%

0.50291

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2015-10140

CVSS3: 8.8

nvd

7 месяцев назад

The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.

EPSS

Процентиль: 98%

0.50291

Средний

8.8 High

CVSS3

CVE ID

Дефекты

CWE-862