Описание
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.1 (исключая)Версия до 1.8.6 (исключая)
Одно из
cpe:2.3:a:soflyy:export_any_wordpress_data_to_xml\/csv:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:soflyy:wp_all_export:*:*:*:*:pro:wordpress:*:*
EPSS
Процентиль: 73%
0.00756
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
около 2 лет назад
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution.
EPSS
Процентиль: 73%
0.00756
Низкий
8.8 High
CVSS3
Дефекты
CWE-352