Описание
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.
Ссылки
- Exploit
- Product
- Third Party Advisory
- Exploit
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.5 (включая)
cpe:2.3:a:pluginmirror:wp_quick_frontend_editor:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
больше 2 лет назад
The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changs in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not have the capabilities to do so.
EPSS
Процентиль: 20%
0.00064
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862