exploitDog

CVE-2021-24638

Опубликовано: 20 сент. 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.

Ссылки

https://wpscan.com/vulnerability/c783a746-f1fe-4d68-9d0a-477de5dbb35c
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c783a746-f1fe-4d68-9d0a-477de5dbb35c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ffw:omgf:*:*:*:*:*:wordpress:*:*

Версия до 4.5.4 (исключая)

EPSS

Процентиль: 88%

0.0399

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-728f-qcc4-8q48

github

больше 3 лет назад

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated users to perform path traversal and overwrite arbitrary CSS file with Google Fonts CSS, or download fonts uploaded on Google Fonts website.

EPSS

Процентиль: 88%

0.0399

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22