exploitDog

CVE-2023-4643

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog

Ссылки

https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shortpixel:enable_media_replace:*:*:*:*:*:wordpress:*:*

Версия до 4.1.3 (исключая)

EPSS

Процентиль: 66%

0.00513

Низкий

8.8 High

CVSS3

Дефекты

Связанные уязвимости

GHSA-h9gw-q7wq-vrfv

CVSS3: 8.8

github

больше 2 лет назад

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog

EPSS

Процентиль: 66%

0.00513

Низкий

8.8 High

CVSS3

Дефекты