Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-5j93-rp4g-9wxp

Опубликовано: 24 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.

Ссылки

EPSS

Процентиль: 56%
0.00333
Низкий

CVE ID

CVE-2015-5483

Связанные уязвимости

nvd логотип

CVE-2015-5483

CVSS3: 8.8
nvd
около 6 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add users, (2) delete posts, or (3) modify PHP files via unspecified vectors, or (4) conduct cross-site scripting (XSS) attacks via the po_logo parameter in the privateonly.php page to wp-admin/options-general.php.

EPSS

Процентиль: 56%
0.00333
Низкий

CVE ID

CVE-2015-5483