Описание
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
Ссылки
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.25 (исключая)
cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 71%
0.0069
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 4.9
github
больше 3 лет назад
The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authenticated Local File Inclusion via directory traversal in the wp-admin/admin-ajax.php?action=shortcode_bwg tagtext parameter.
EPSS
Процентиль: 71%
0.0069
Низкий
4.9 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-22