exploitDog

CVE-2021-24836

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them

Ссылки

https://wpscan.com/vulnerability/15eed13f-3195-4f5d-8933-36695c830f4f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/15eed13f-3195-4f5d-8933-36695c830f4f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:storeapps:temporary_login_without_password:*:*:*:*:*:wordpress:*:*

Версия до 1.7.1 (исключая)

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-x8f8-g3c4-95m3

CVSS3: 4.3

github

около 4 лет назад

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers to update them

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

CWE-352