exploitDog

CVE-2021-24742

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Ссылки

https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:radiustheme:logo_slider_and_showcase:*:*:*:*:*:wordpress:*:*

Версия до 1.3.37 (исключая)

EPSS

Процентиль: 41%

0.0019

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-863

Связанные уязвимости

GHSA-p3jm-v67f-9hcg

github

больше 3 лет назад

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

EPSS

Процентиль: 41%

0.0019

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-863

CWE-863