CVE-2021-4366

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 6.3

CVSS3: 4.3

EPSS Низкий

Описание

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.

Ссылки

https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve
Third Party Advisory
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*

Версия до 1.7.33 (исключая)

EPSS

Процентиль: 9%

0.00031

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-xg55-gx79-h9h6

CVSS3: 6.3

github

больше 2 лет назад

EPSS

Процентиль: 9%

0.00031

Низкий

6.3 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-862