Описание
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attackers to create and sync products.
EPSS
Процентиль: 51%
0.00275
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-259
Связанные уязвимости
CVSS3: 5.3
github
3 месяца назад
The KiotViet Sync plugin for WordPress is vulnerable to authorizarion bypass in all versions up to, and including, 1.8.5. This is due to the plugin using a hardcoded password for authentication in the QueryControllerAdmin::authenticated function. This makes it possible for unauthenticated attackers to create and sync products.
EPSS
Процентиль: 51%
0.00275
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-259