Description
A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 2.0.0 (inclusive) to 2.0.4 (exclusive)
cpe:2.3:a:wpdeveloper:simple_301_redirects:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 78%
0.01126
Low
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
A lack of capability checks and an insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 made it possible for authenticated users to install arbitrary plugins on vulnerable sites.