exploitDog

CVE-2024-13900

Опубликовано: 21 фев. 2025

Источник: nvd

CVSS3: 4.1

CVSS3: 7.2

EPSS Низкий

Описание

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.

Ссылки

https://plugins.trac.wordpress.org/changeset/3244016/
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/5177bde6-4922-48ee-9155-577c392809a0?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:satollo:head\,_footer\,_and_post_injections:*:*:*:*:*:wordpress:*:*

Версия до 3.3.1 (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

4.1 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-xh29-r392-48pf

CVSS3: 4.1

github

12 месяцев назад

The Head, Footer and Post Injections plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 3.3.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject PHP Code in multisite environments.

EPSS

Процентиль: 50%

0.00266

Низкий

4.1 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-94