exploitDog

GHSA-jgc9-7v68-88ff

Опубликовано: 26 нояб. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8.6

Описание

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Ссылки

EPSS

Процентиль: 11%

0.00037

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-12061

CVSS3: 8.6

nvd

2 месяца назад

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

EPSS

Процентиль: 11%

0.00037

Низкий

8.6 High

CVSS3

CVE ID

Дефекты

CWE-352