Description
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
References
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 7.2.3 (excluding)
cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 51%
0.00277
Low
4.9 Medium
CVSS3
Weaknesses
CWE-434
Related vulnerabilities
CVSS3: 4.9
github
more than 3 years ago
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.