Описание
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.3 (исключая)
cpe:2.3:a:wpwhitesecurity:website_file_changes_monitor:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 66%
0.00517
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection
EPSS
Процентиль: 66%
0.00517
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89