exploitDog

CVE-2014-9735

Опубликовано: 30 июн. 2015

Источник: nvd

CVSS2: 7.5

EPSS Высокий

Описание

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themepunch:showbiz_pro:*:*:*:*:*:wordpress:*:*

Версия до 1.7.1 (включая)

Конфигурация 2

cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*

Версия до 3.0.95 (включая)

EPSS

Процентиль: 99%

0.82749

Высокий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-86x3-cgp4-637q

github

больше 3 лет назад

The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.

EPSS

Процентиль: 99%

0.82749

Высокий

7.5 High

CVSS2

Дефекты

CWE-264