exploitDog

GHSA-mp5c-f63g-9v5h

Опубликовано: 08 фев. 2022

Источник: github

Github: Не прошло ревью

Описание

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.

Ссылки

EPSS

Процентиль: 36%

0.00153

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-24843

CVSS3: 6.5

nvd

почти 4 года назад

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action.

EPSS

Процентиль: 36%

0.00153

Низкий

CVE ID

Дефекты

CWE-352