Описание
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.15.1 (включая)
cpe:2.3:a:zao:wp_ecommerce:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 46%
0.00231
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.
EPSS
Процентиль: 46%
0.00231
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-862