exploitDog

GHSA-4rv2-f267-rh4v

Опубликовано: 02 фев. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

Ссылки

EPSS

Процентиль: 31%

0.0012

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

CWE-352

CWE-863

Связанные уязвимости

CVE-2021-25097

CVSS3: 6.5

nvd

около 4 лет назад

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

EPSS

Процентиль: 31%

0.0012

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

CWE-352

CWE-863