exploitDog

CVE-2023-6066

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

Ссылки

https://wpscan.com/vulnerability/f8f84d47-49aa-4258-a8a6-3de8e7342623
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f8f84d47-49aa-4258-a8a6-3de8e7342623
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kishorkhambu:wp_custom_widget_area:*:*:*:*:*:wordpress:*:*

Версия до 1.2.5 (включая)

EPSS

Процентиль: 15%

0.00049

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-hjg3-c5c8-mj5j

CVSS3: 4.3

github

около 2 лет назад

The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.

EPSS

Процентиль: 15%

0.00049

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862