exploitDog

GHSA-h9gw-q7wq-vrfv

Опубликовано: 16 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog

Ссылки

EPSS

Процентиль: 66%

0.00513

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2023-4643

CVSS3: 8.8

nvd

больше 2 лет назад

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog

EPSS

Процентиль: 66%

0.00513

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-502