exploitDog

GHSA-qqj4-453q-5665

Опубликовано: 12 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.2

Описание

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

Ссылки

EPSS

Процентиль: 79%

0.01214

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-1008

CVSS3: 7.2

nvd

почти 4 года назад

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

EPSS

Процентиль: 79%

0.01214

Низкий

7.2 High

CVSS3

CVE ID

Дефекты

CWE-434