exploitDog

GHSA-93gr-9vgp-hf59

Опубликовано: 10 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server

Ссылки

EPSS

Процентиль: 23%

0.00074

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2025-4954

CVSS3: 8.8

nvd

8 месяцев назад

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server

EPSS

Процентиль: 23%

0.00074

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-434