exploitDog

CVE-2023-6741

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.

Ссылки

https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/
Third Party Advisory
https://wpscan.com/vulnerability/9debe1ea-18ad-44c4-8078-68eb66d36c4a/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:marvinlabs:wp_customer_area:*:*:*:*:*:wordpress:*:*

Версия до 8.2.1 (исключая)

EPSS

Процентиль: 32%

0.00121

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-h7v4-v2xr-w9gx

CVSS3: 4.3

github

около 2 лет назад

The WP Customer Area WordPress plugin before 8.2.1 does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address.

EPSS

Процентиль: 32%

0.00121

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-noinfo