exploitDog

GHSA-wmh8-mcwp-x84h

Опубликовано: 27 сент. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

Ссылки

EPSS

Процентиль: 24%

0.0008

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-2405

CVSS3: 4.3

nvd

больше 3 лет назад

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

EPSS

Процентиль: 24%

0.0008

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352