exploitDog

CVE-2023-5525

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggle_auto_update AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

Ссылки

https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:*:*:*:*:*:wordpress:*:*

Версия до 2.25.26 (исключая)

EPSS

Процентиль: 21%

0.00067

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-xrp3-cvwg-fc64

CVSS3: 4.3

github

около 2 лет назад

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

EPSS

Процентиль: 21%

0.00067

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862