exploitDog

GHSA-r596-3fx5-c4pg

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

Ссылки

EPSS

Процентиль: 60%

0.00404

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2019-11807

CVSS3: 7.5

nvd

почти 7 лет назад

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

EPSS

Процентиль: 60%

0.00404

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-434