CVE-2021-24781

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edit)

Ссылки

https://plugins.trac.wordpress.org/changeset/2606615/
Patch
Third Party Advisory
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0
Exploit
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2606615/
Patch
Third Party Advisory
https://wpscan.com/vulnerability/3550ba54-7786-4ad9-aeb1-1c0750f189d0
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imagesourcecontrol:image_source_control:*:*:*:*:*:wordpress:*:*

Версия до 2.3.1 (исключая)

EPSS

Процентиль: 34%

0.0014

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-jr25-57j4-8x4x

github

больше 3 лет назад