exploitDog

CVE-2020-11548

Опубликовано: 05 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.

Ссылки

https://wordpress.org/plugins/search-meter/#developers
Product
Third Party Advisory
https://www.exploit-db.com/exploits/48197
Third Party Advisory
VDB Entry
https://wordpress.org/plugins/search-meter/#developers
Product
Third Party Advisory
https://www.exploit-db.com/exploits/48197
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:search_meter_project:search_meter:*:*:*:*:*:wordpress:*:*

Версия до 2.13.2 (включая)

EPSS

Процентиль: 93%

0.10725

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236

Связанные уязвимости

GHSA-686c-xjjw-8474

github

больше 3 лет назад

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.

EPSS

Процентиль: 93%

0.10725

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1236