Description
The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 1.2.11 (inclusive)
cpe:2.3:a:dpdgroup:woocommerce_shipping:*:*:*:*:*:wordpress:*:*
EPSS: 0.00176 (Low), percentile 39%
CVSS3: 8.1 High
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.1
github
about 3 years ago
The WooCommerce Shipping WordPress plugin through 1.2.11 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.