Описание
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.2.18 (исключая)
cpe:2.3:a:bologer:anycomment:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 59%
0.00382
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
EPSS
Процентиль: 59%
0.00382
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352