exploitDog

CVE-2023-0940

Опубликовано: 20 мар. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.

Ссылки

https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/56744f72-2d48-4f42-8195-24b4dd951bb5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*

Версия до 5.3.1 (исключая)

EPSS

Процентиль: 53%

0.00307

Низкий

8.8 High

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-7q2h-f39x-vgg4

CVSS3: 8.8

github

почти 3 года назад

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.

EPSS

Процентиль: 53%

0.00307

Низкий

8.8 High

CVSS3

Дефекты

CWE-863