Описание
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
Ссылки
- Issue Tracking
- Issue Tracking
- Issue Tracking
- Third Party Advisory
- Issue Tracking
- Issue Tracking
- Issue Tracking
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
EPSS
4.3 Medium
CVSS3
5.3 Medium
CVSS3