exploitDog

CVE-2025-12061

Опубликовано: 26 нояб. 2025

Источник: nvd

CVSS3: 8.6

EPSS Низкий

Описание

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

Ссылки

https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3/

EPSS

Процентиль: 11%

0.00037

Низкий

8.6 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-jgc9-7v68-88ff

CVSS3: 8.6

github

2 месяца назад

The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements

EPSS

Процентиль: 11%

0.00037

Низкий

8.6 High

CVSS3

Дефекты

CWE-352