exploitDog

CVE-2020-36842

Опубликовано: 16 окт. 2024

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:*

Версия до 0.9.35 (включая)

EPSS

Процентиль: 97%

0.38685

Средний

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-6636-f7qc-6vpx

CVSS3: 8.8

github

больше 1 года назад

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.

EPSS

Процентиль: 97%

0.38685

Средний

8.8 High

CVSS3

Дефекты

CWE-434