CVE-2019-11807

Опубликовано: 06 мая 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=update_attachment_wccm wccm_default_keys_load parameter because of a nopriv_ registration and a lack of capabilities checks.

Ссылки

https://wpvulndb.com/vulnerabilities/9262
https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin/
Exploit
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9262
https://www.wordfence.com/blog/2019/05/unauthenticated-media-deletion-vulnerability-patched-in-woocommerce-checkout-manager-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:visser:woocommerce_checkout_manager:*:*:*:*:*:wordpress:*:*

Версия до 4.3 (исключая)

EPSS

Процентиль: 60%

0.00404

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-r596-3fx5-c4pg