CVE-2022-29451

Опубликовано: 29 апр. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory.

Ссылки

https://patchstack.com/database/vulnerability/rara-one-click-demo-import/wordpress-rara-one-click-demo-import-plugin-1-2-9-cross-site-request-forgery-csrf-leads-to-arbitrary-file-upload-vulnerability
Third Party Advisory
https://wordpress.org/plugins/rara-one-click-demo-import/#developers
Product
Third Party Advisory
https://patchstack.com/database/vulnerability/rara-one-click-demo-import/wordpress-rara-one-click-demo-import-plugin-1-2-9-cross-site-request-forgery-csrf-leads-to-arbitrary-file-upload-vulnerability
Third Party Advisory
https://wordpress.org/plugins/rara-one-click-demo-import/#developers
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rarathemes:rara_one_click_demo_import:*:*:*:*:*:wordpress:*:*

Версия до 1.3.0 (исключая)

EPSS

Процентиль: 45%

0.00227

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-g84j-7f78-5x36