Description
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2.5.7 (exclusive)
cpe:2.3:a:shapedplugin:product_slider_for_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS: 0.00102 (Low), percentile: 28%
CVSS3: 4.3 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options.