exploitDog

CVE-2020-36712

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 8.6

CVSS3: 5.3

EPSS Низкий

Описание

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaliforms:kali_forms:*:*:*:*:*:wordpress:*:*

Версия до 2.1.1 (включая)

EPSS

Процентиль: 44%

0.00218

Низкий

8.6 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-gpgv-57wf-wgvj

CVSS3: 8.6

github

больше 2 лет назад

The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for unauthenticated attackers to delete any site post or page with the id parameter.

EPSS

Процентиль: 44%

0.00218

Низкий

8.6 High

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-862