GHSA-7crf-mwwj-hvjp

Опубликовано: 27 фев. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.3

CVSS3: 9.8

Описание

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-0767
https://co.wordpress.org/plugins/wp-security-audit-log
https://fluidattacks.com/advisories/skims-9

EPSS

Процентиль: 47%

0.00241

Низкий

6.3 Medium

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2025-0767

Дефекты

CWE-502

Связанные уязвимости

CVE-2025-0767

CVSS3: 9.8

nvd

12 месяцев назад

WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.

EPSS

Процентиль: 47%

0.00241

Низкий

6.3 Medium

CVSS4

9.8 Critical

CVSS3

CVE ID

CVE-2025-0767

Дефекты

CWE-502