Описание
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 5.8.1+dfsg1-2ubuntu1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | not-affected | 5.8.1+dfsg1-2ubuntu1 |
| esm-apps/noble | not-affected | 5.8.1+dfsg1-2ubuntu1 |
| esm-apps/xenial | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
EPSS
7.5 High
CVSS2
8.1 High
CVSS3
Связанные уязвимости
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
WordPress before 5.8 lacks support for the Update URI plugin header. T ...
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
EPSS
7.5 High
CVSS2
8.1 High
CVSS3