exploitDog

CVE-2023-5922

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content

Ссылки

https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/debd8498-5770-4270-9ee1-1503e675ef34/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*

Версия до 1.3.81 (исключая)

EPSS

Процентиль: 77%

0.01051

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-759v-jfx5-q87v

CVSS3: 7.5

github

около 2 лет назад

The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content

EPSS

Процентиль: 77%

0.01051

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo