CVE-2021-4434

Опубликовано: 17 янв. 2024

Источник: nvd

CVSS3: 10

CVSS3: 9.8

EPSS Низкий

Описание

The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server.

Ссылки

https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve
Third Party Advisory
https://packetstormsecurity.com/files/163680/WordPress-Social-Warfare-3.5.2-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:warfareplugins:social_warfare:*:*:*:*:*:wordpress:*:*

Версия до 3.5.3 (исключая)

EPSS

Процентиль: 92%

0.07986

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94

Связанные уязвимости

GHSA-6gjp-6pv7-w558

CVSS3: 10

github

около 2 лет назад

EPSS

Процентиль: 92%

0.07986

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-94