Описание
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.11.9 (исключая)
cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 77%
0.01084
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process.
EPSS
Процентиль: 77%
0.01084
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-863