exploitDog

GHSA-8mrp-4c3v-3mjr

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

Ссылки

EPSS

Процентиль: 33%

0.0013

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-36504

CVSS3: 6.5

nvd

больше 4 лет назад

The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog

EPSS

Процентиль: 33%

0.0013

Низкий

CVE ID

Дефекты

CWE-352