Описание
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders on the server.
EPSS
Процентиль: 26%
0.00091
Низкий
8.1 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 8.1
github
7 месяцев назад
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders on the server.
EPSS
Процентиль: 26%
0.00091
Низкий
8.1 High
CVSS3
Дефекты
CWE-22