CVE-2019-15818

Опубликовано: 30 авг. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist.

Ссылки

https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/simple-301-redirects-addon-bulk-uploader/#developers
Product
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9503
Third Party Advisory
https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin/
Exploit
Third Party Advisory
https://wordpress.org/plugins/simple-301-redirects-addon-bulk-uploader/#developers
Product
Third Party Advisory
https://wpvulndb.com/vulnerabilities/9503
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webcraftic:simple_301_redirects:*:*:*:*:*:wordpress:*:*

Версия до 1.2.4 (включая)

EPSS

Процентиль: 41%

0.00194

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-f7jw-44w3-2924