Описание
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.1.0 (исключая)
cpe:2.3:a:wpwhitesecurity:captcha_4wp:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
8.8 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server.
EPSS
Процентиль: 43%
0.00206
Низкий
8.8 High
CVSS3
Дефекты
CWE-22