exploitDog

GHSA-f4x4-cpmc-ghq4

Опубликовано: 07 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

Ссылки

EPSS

Процентиль: 34%

0.0014

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-3489

CVSS3: 5.3

nvd

больше 3 лет назад

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

EPSS

Процентиль: 34%

0.0014

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352