exploitDog

CVE-2021-4448

Опубликовано: 16 окт. 2024

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

EPSS Средний

Описание

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

Ссылки

https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477
Not Applicable
https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf76527-9a11-4755-992c-02fbc1a79bae?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kaswara_project:kaswara:*:*:*:*:*:wordpress:*:*

Версия до 3.0.1 (включая)

EPSS

Процентиль: 97%

0.42339

Средний

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-69cq-9pp2-wmg3

CVSS3: 7.3

github

больше 1 года назад

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

EPSS

Процентиль: 97%

0.42339

Средний

7.3 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-862