exploitDog

CVE-2022-1570

Опубликовано: 08 июн. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.

Ссылки

https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c0257564-48ee-4d02-865f-82c8b5e793c9
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:files_download_delay_project:files_download_delay:*:*:*:*:*:wordpress:*:*

Версия до 1.0.7 (исключая)

EPSS

Процентиль: 39%

0.00177

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-fp8x-7f8g-pj5f

CVSS3: 6.5

github

больше 3 лет назад

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.

EPSS

Процентиль: 39%

0.00177

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352