Description
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter.
References
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:purethemes:findeo:*:*:*:*:*:wordpress:*:* (version before 1.3.1, excluding)
cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:* (version before 1.2.4, excluding)
EPSS: 0.00296 (Low)
Percentile: 53%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-284
CWE-425
Related vulnerabilities
Source: github, more than 3 years ago, CVSS3: 6.5
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter.