exploitDog

CVE-2021-4451

Опубликовано: 16 окт. 2024

Источник: nvd

CVSS3: 6.6

CVSS3: 7.2

EPSS Низкий

Описание

The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nintechnet:ninjafirewall:*:*:*:*:*:wordpress:*:*

Версия до 4.3.3 (включая)

EPSS

Процентиль: 72%

0.00722

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-502

CWE-502

Связанные уязвимости

GHSA-pgv2-9j82-2qcq

CVSS3: 6.6

github

больше 1 года назад

The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall).

EPSS

Процентиль: 72%

0.00722

Низкий

6.6 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-502

CWE-502