Описание
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.
Ссылки
- Product
- Product
- Product
- https://plugins.trac.wordpress.org/changeset/3234676/media-library-plus/trunk/media-library-plus.phpPatch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.3.1 (исключая)
cpe:2.3:a:maxfoundry:media_library_folders:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 35%
0.00143
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
12 месяцев назад
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to change plugin settings related to things such as IP-blocking.
EPSS
Процентиль: 35%
0.00143
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862