Описание
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII.
Ссылки
- Product
- Patch
- Third Party Advisory
- Product
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.7 (исключая)
cpe:2.3:a:hasthemes:ht_mega:*:*:*:*:free:wordpress:*:*
EPSS
Процентиль: 75%
0.00892
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.6 via the purchased_products function. This makes it possible for unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII.
EPSS
Процентиль: 75%
0.00892
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo