Описание
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys
Ссылки
EPSS
Процентиль: 45%
0.00228
Низкий
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajax_save_settings function in all versions up to, and including, 1.0.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's API keys
EPSS
Процентиль: 45%
0.00228
Низкий
4.3 Medium
CVSS3