exploitDog

CVE-2023-0551

Опубликовано: 16 авг. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:minapper:rest_api_to_miniprogram:*:*:*:*:*:wordpress:*:*

Версия до 4.6.1 (включая)

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

GHSA-fw39-qr37-3qq3

CVSS3: 5.4

github

больше 2 лет назад

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

Дефекты