Description
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.
References
- Exploit
- Broken Link
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.3.1 (exclusive)
cpe:2.3:a:cartflows:cartflows:*:*:*:*:*:wordpress:*:*
EPSS: 0.0004 (Low)
Percentile: 12%
CVSS3: 5.4 Medium
CVSS3: 4.3 Medium
Weaknesses
CWE-269
Related vulnerabilities
CVSS3: 5.4
github
more than 2 years ago
The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service.