exploitDog

CVE-2023-6528

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

Ссылки

https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themepunch:slider_revolution:*:*:*:*:*:wordpress:*:*

Версия до 6.6.19 (исключая)

EPSS

Процентиль: 95%

0.15788

Средний

8.8 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-q942-jjg3-5jhx

CVSS3: 8.8

github

около 2 лет назад

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution.

EPSS

Процентиль: 95%

0.15788

Средний

8.8 High

CVSS3

Дефекты

CWE-502