exploitDog

GHSA-8xqw-5jx9-crgq

Опубликовано: 04 сент. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

Ссылки

EPSS

Процентиль: 33%

0.00134

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-4059

CVSS3: 4.3

nvd

больше 2 лет назад

The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog

EPSS

Процентиль: 33%

0.00134

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352