exploitDog

GHSA-mvp7-wp4v-3h3h

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

Ссылки

EPSS

Процентиль: 30%

0.00109

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-34619

CVSS3: 8.8

nvd

больше 4 лет назад

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

BDU:2021-04503

CVSS3: 8.8

fstec

почти 5 лет назад

Уязвимость реализации сценария /woocommerce-stock-manager/trunk/admin/views/import-export.php функции импорта/экспорта плагина WooCommerce Stock Manager системы управления содержимым сайта WordPress, позволяющая нарушителю осуществить CSRF-атаку

EPSS

Процентиль: 30%

0.00109

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352