exploitDog

GHSA-m49w-ph7r-f4pq

Опубликовано: 08 фев. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example

Ссылки

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

CWE-352

CWE-862

CWE-863

Связанные уязвимости

CVE-2021-24993

CVSS3: 6.5

nvd

около 4 лет назад

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example

EPSS

Процентиль: 39%

0.00175

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

CWE-352

CWE-862

CWE-863