exploitDog

CVE-2021-25018

Опубликовано: 14 фев. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues

Ссылки

https://wpscan.com/vulnerability/9e092aad-0b36-45a9-8987-8d904b34fbb2
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9e092aad-0b36-45a9-8987-8d904b34fbb2
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:najeebmedia:ppom_for_woocommerce:*:*:*:*:*:wordpress:*:*

Версия до 24.0 (исключая)

EPSS

Процентиль: 39%

0.00171

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-gvfj-h2wq-cw77

github

почти 4 года назад

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues

EPSS

Процентиль: 39%

0.00171

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-862