Описание
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.1 (включая)
cpe:2.3:a:hashthemes:hashthemes_demo_importer:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 52%
0.00294
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of wp-content/uploads.
EPSS
Процентиль: 52%
0.00294
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other