Описание
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.4.1 (исключая)
cpe:2.3:a:content_mask_project:content_mask:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 89%
0.04467
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options
EPSS
Процентиль: 89%
0.04467
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-352