exploitDog

CVE-2022-1572

Опубликовано: 27 июн. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file

Ссылки

https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/9afd1805-d449-4551-986a-f92cb47c95c5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:*

Версия до 1.0.0 (включая)

EPSS

Процентиль: 44%

0.00212

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-c938-72w7-26mv

CVSS3: 8.1

github

больше 3 лет назад

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file

EPSS

Процентиль: 44%

0.00212

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-352