exploitDog

GHSA-wrpc-6v65-cc7f

Опубликовано: 29 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

Ссылки

EPSS

Процентиль: 100%

0.91471

Критический

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-434

Связанные уязвимости

CVE-2024-6366

CVSS3: 9.1

nvd

больше 1 года назад

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

EPSS

Процентиль: 100%

0.91471

Критический

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-434