exploitDog

GHSA-q438-9265-rccj

Опубликовано: 16 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

Ссылки

EPSS

Процентиль: 73%

0.00762

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2023-3279

CVSS3: 4.9

nvd

больше 2 лет назад

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

EPSS

Процентиль: 73%

0.00762

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-22