Описание
The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.2 (исключая)
cpe:2.3:a:sktthemes:skt_templates:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 31%
0.00119
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.
EPSS
Процентиль: 31%
0.00119
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862