exploitDog

CVE-2025-28874

Опубликовано: 11 мар. 2025

Источник: nvd

CVSS3: 6.5

CVSS3: 4.9

EPSS Низкий

Описание

Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6.

Ссылки

https://patchstack.com/database/wordpress/plugin/bp-email-assign-templates/vulnerability/wordpress-bp-email-assign-templates-by-shanebp-plugin-1-6-arbitrary-content-deletion-vulnerability?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shanebp:bp_email_assign_templates:*:*:*:*:*:wordpress:*:*

Версия до 1.8 (исключая)

EPSS

Процентиль: 30%

0.00113

Низкий

6.5 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-p6xj-35fm-qgmf

CVSS3: 6.5

github

11 месяцев назад

Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6.

EPSS

Процентиль: 30%

0.00113

Низкий

6.5 Medium

CVSS3

4.9 Medium

CVSS3

Дефекты

CWE-639