
exploitDog


CVE-2021-24757

Published: 01 Nov 2021
Source: nvd
CVSS3: 5.3
CVSS2: 5
EPSS: Low

Description

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.

Vulnerable configurations

Configuration 1
cpe:2.3:a:stylishpricelist:stylish_price_list:*:*:*:*:*:wordpress:*:*
Versions before 6.9.0 (exclusive)

EPSS

Percentile: 63%
0.00456
Low

CVSS3: 5.3 Medium
CVSS2: 5 Medium

Weaknesses

CWE-863

Related vulnerabilities

github
more than 3 years ago

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.
