exploitDog

GHSA-3rvq-3fc5-4w68

Опубликовано: 13 сент. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

Ссылки

EPSS

Процентиль: 37%

0.0016

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-7864

CVSS3: 6.5

nvd

больше 1 года назад

The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitrary files on the server

EPSS

Процентиль: 37%

0.0016

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-352