CVE-2020-36725

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 8.1

EPSS Низкий

Описание

The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins for WordPress are vulnerable to an Options Change vulnerability in versions up to, and including, 1.21.11 and 1.21.4 via the 'ti-woocommerce-wishlist/includes/export.class.php' file. This makes it possible for authenticated attackers to gain otherwise restricted access to the vulnerable blog and update any settings.

Ссылки

https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/
Exploit
Third Party Advisory
https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/
Release Notes
https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99ee
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=cve
Third Party Advisory
https://blog.nintechnet.com/critical-zero-day-vulnerability-fixed-in-wordpress-ti-woocommerce-wishlist-plugin/
Exploit
Third Party Advisory
https://templateinvaders.com/changelogs/ti-woocommerce-wishlist-plugin-changelog/
Release Notes
https://wpscan.com/vulnerability/2e2fb815-7cca-4e6c-b466-179337fe99ee
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:pro:wordpress:*:*

Версия до 1.21.5 (исключая)

cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:*

Версия до 1.21.12 (исключая)

EPSS

Процентиль: 64%

0.00471

Низкий

8.8 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-whv7-rqpj-pc9p

CVSS3: 8.8

github

больше 2 лет назад

EPSS

Процентиль: 64%

0.00471

Низкий

8.8 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-862