Описание
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.
Ссылки
- Exploit
- Third Party Advisory
- Exploit
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.3 (включая)
cpe:2.3:a:datafeedr:ads_by_datafeedr.com:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 92%
0.0914
Низкий
9 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9
github
больше 2 лет назад
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily.
EPSS
Процентиль: 92%
0.0914
Низкий
9 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
NVD-CWE-noinfo