Описание
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.4 (исключая)
cpe:2.3:a:wp-customerarea:wp_customer_area:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 49%
0.00257
Низкий
7.1 High
CVSS3
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.1
github
почти 3 года назад
The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF checks when performing some actions such as chmod, mkdir and copy, which could allow attackers to make a logged-in admin perform them and create arbitrary folders, copy file for example.
EPSS
Процентиль: 49%
0.00257
Низкий
7.1 High
CVSS3
6.1 Medium
CVSS3