CVE-2021-24739

Опубликовано: 21 дек. 2021

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature

Ссылки

https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shapedplugin:logo_carousel:*:*:*:*:*:wordpress:*:*

Версия до 3.4.2 (исключая)

EPSS

Процентиль: 67%

0.0054

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-25jm-89cm-8q44