exploitDog

GHSA-fw39-qr37-3qq3

Опубликовано: 16 авг. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Ссылки

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2023-0551

CVSS3: 5.4

nvd

больше 2 лет назад

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-284