Description
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.8.1.2 (excluding)
cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 98%
0.50291
Medium
8.8 High
CVSS3
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 8.8
github
7 months ago
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to upload and delete arbitrary files.