Description
The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and remove error logs.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 1.9.8 (excluding)
cpe:2.3:a:activecampaign:activecampaign_for_woocommerce:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 48%
0.00249
Low
CVSS3
4.3 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 4.3
github
about 3 years ago
The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have an authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and remove error logs.