Description
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories.
Vulnerable configurations
Configuration 1: versions before 4.1.4 (exclusive)
cpe:2.3:a:joomunited:wp_table_manager:*:*:*:*:*:wordpress:*:*
EPSS
Percentile: 35%
0.0014
Low
CVSS3: 4.3 Medium
CVSS3: 6.5 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 4.3
github
12 months ago
The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories.