exploitDog

GHSA-pp53-3m4v-vvmw

Published: 31 Dec 2024
Source: github
Github: Not reviewed
CVSS3: 9.8

Description

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.

EPSS

Percentile: 100%
0.91252
Critical

9.8 Critical

CVSS3

Related vulnerabilities

CVSS3: 9.8
nvd
about 1 year ago

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary plugins from the WordPress.org repo, including vulnerable plugins that have been closed.

CVSS3: 9.8
fstec
about 1 year ago

Vulnerability in the permission_callback function of the Hunk Companion plugin for the WordPress content management system, allowing an attacker to carry out a cross-site scripting (XSS) attack
