exploitDog

CVE-2023-0335

Опубликовано: 27 мар. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.

Ссылки

https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f7a20bea-c3d5-431b-bdcf-e189c81a561a
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpvar:wp_shamsi:*:*:*:*:*:wordpress:*:*

Версия до 4.3.3 (включая)

EPSS

Процентиль: 26%

0.0009

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-jhxw-3422-m7cw

CVSS3: 6.5

github

почти 3 года назад

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.

EPSS

Процентиль: 26%

0.0009

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352