Описание
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.4 (включая)
cpe:2.3:a:designwall:dw_question_\&_answer:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 36%
0.00153
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
CWE-639
Связанные уязвимости
CVSS3: 4.3
github
почти 4 года назад
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
EPSS
Процентиль: 36%
0.00153
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-639
CWE-639