CVE-2019-20203

Опубликовано: 02 янв. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message.

Ссылки

https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md
Exploit
Third Party Advisory
https://postieplugin.com/
Product
https://wordpress.org/plugins/postie/#developers
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/10002
Third Party Advisory
https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md
Exploit
Third Party Advisory
https://postieplugin.com/
Product
https://wordpress.org/plugins/postie/#developers
Release Notes
Vendor Advisory
https://wpvulndb.com/vulnerabilities/10002
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:postieplugin:postie:*:*:*:*:*:wordpress:*:*

Версия до 1.9.40 (включая)

EPSS

Процентиль: 71%

0.00666

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-290

Связанные уязвимости

GHSA-x694-qvr9-67gw

github

больше 3 лет назад