Описание
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wpulike:ulike:2.8.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:wpulike:ulike:3.1:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 44%
0.00212
Низкий
7.5 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2.
EPSS
Процентиль: 44%
0.00212
Низкий
7.5 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-732