Description
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file
References
- Product
- Exploit, Patch, Third Party Advisory
- Product
- Exploit, Patch, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 3.0 (excluding)
cpe:2.3:a:dplugins:scripts_organizer:*:*:*:*:*:wordpress:*:*
EPSS: 0.00221 (Low), percentile: 44%
CVSS3: 8.8 High
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file