exploitDog

CVE-2021-25021

Опубликовано: 03 янв. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin

Ссылки

https://wpscan.com/vulnerability/92db763c-ca6b-43cf-87ff-c1678cf4ade5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/92db763c-ca6b-43cf-87ff-c1678cf4ade5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ffw:optimize_my_google_fonts:*:*:*:*:*:wordpress:*:*

Версия до 4.5.12 (исключая)

EPSS

Процентиль: 62%

0.00425

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-w8vh-gv77-c8pw

github

около 4 лет назад

The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin

EPSS

Процентиль: 62%

0.00425

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-22

CWE-22