exploitDog

CVE-2023-6384

Опубликовано: 22 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

Ссылки

https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/fbdefab4-614b-493b-a9ae-c5aeff8323ef/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-eventmanager:user_profile_avatar:*:*:*:*:*:wordpress:*:*

Версия до 1.0.1 (исключая)

EPSS

Процентиль: 24%

0.00083

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-9j2m-4pqq-wmh6

CVSS3: 4.3

github

около 2 лет назад

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for authorisation, allowing authors to delete and update arbitrary avatar

EPSS

Процентиль: 24%

0.00083

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639