Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-7vmh-92c8-vp9r

Опубликовано: 28 окт. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.

Ссылки

EPSS

Процентиль: 39%
0.00175
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-5425

Дефекты

CWE-862

Связанные уязвимости

nvd логотип

CVE-2023-5425

CVSS3: 8.8
nvd
больше 2 лет назад

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.

fstec логотип

BDU:2023-07529

CVSS3: 8.8
fstec
больше 2 лет назад

Уязвимость функций pmdm_wp_change_user_meta и pmdm_wp_change_post_meta плагина Post Meta Data Manager для системы управления содержимым сайта WordPress, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 39%
0.00175
Низкий

8.8 High

CVSS3

CVE ID

CVE-2023-5425

Дефекты

CWE-862