exploitDog

GHSA-83w6-ppfq-rfhf

Опубликовано: 06 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts.

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts.

Ссылки

EPSS

Процентиль: 68%

0.00581

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862

Связанные уязвимости

CVE-2023-5454

CVSS3: 7.5

nvd

больше 2 лет назад

The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.

EPSS

Процентиль: 68%

0.00581

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-284

CWE-862