exploitDog

CVE-2021-24641

Опубликовано: 23 нояб. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

Ссылки

https://wpscan.com/vulnerability/972f8c5d-22b7-42de-a981-2e5acb72297b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/972f8c5d-22b7-42de-a981-2e5acb72297b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imagestowebp_project:images_to_webp:*:*:*:*:*:wordpress:*:*

Версия до 1.9 (исключая)

EPSS

Процентиль: 25%

0.00089

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-7gcj-6xx8-443m

github

больше 3 лет назад

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

EPSS

Процентиль: 25%

0.00089

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352