Описание
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
EPSS
Процентиль: 37%
0.00159
Низкий
7.5 High
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 7.5
github
4 месяца назад
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
EPSS
Процентиль: 37%
0.00159
Низкий
7.5 High
CVSS3