exploitDog

GHSA-phjg-gj5x-8j96

Опубликовано: 15 янв. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

Ссылки

EPSS

Процентиль: 99%

0.88479

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-6623

CVSS3: 9.8

nvd

около 2 лет назад

The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.

EPSS

Процентиль: 99%

0.88479

Высокий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-22