Описание
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
Ссылки
EPSS
Процентиль: 57%
0.00351
Низкий
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
EPSS
Процентиль: 57%
0.00351
Низкий
5.3 Medium
CVSS3