exploitDog

GHSA-9887-33qw-3wcg

Опубликовано: 12 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .

Ссылки

EPSS

Процентиль: 4%

0.00018

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2025-10684

CVSS3: 4.3

nvd

около 2 месяцев назад

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .

EPSS

Процентиль: 4%

0.00018

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287